Main Page

From aldeid
Jump to navigation Jump to search

Pentesting   •    Web Exploitation   •    Cryptography   •    Forensics   •    Reversing   •    Binary Exploitation   •    CTF   •    Threat Hunting

email twitter github RSS


VulnHub > Djinn 3

Sun, 27 Sep 2020 20:25:00 +0000

Intermediate level VulnHub challenge involving enumeration, services discovery, exploitation of a python web application via injection in the Jinja2 SSTI, uncompiling python sources, and much more. Many things to learn!

Read more


VulnHub > Healthcare 1

Thu, 24 Sep 2020 20:30:00 +0000

You will need to perform a deeper enumeration than usual to discover a hidden OpenEMR installation, then exploit a SQLi vulnerability to get an initial shell, before elevating your privileges with a SUID program.

Read more


TryHackMe > Dave's Blog

Wed, 23 Sep 2020 16:30:00 +0000

Interesting challenge that covers many topics, including JWT Web tokens, node.js, MongoDB, Buffer Overflows and python scripting.

Read more


Vulnhub > wpwn 1

Tue, 22 Sep 2020 20:03:00 +0000

Easy but funny challenge where you'll need to enumerate the web server, find a Wordpress installation, identify the vulnerable plugin and exploit it to get a shell.

Read more


Vulnhub > Cherry 1

Tue, 22 Sep 2020 18:21:00 +0000

Easy challenge involving web enumeration, source code disclosure vulnerability, and privilege escalation.

Read more


Vulnhub > Chili 1

Sun, 20 Sep 2020 18:21:00 +0000

Brute force an FTP account and add a privileged account in a world-writable "/etc/passwd" file to get the root flag.

Read more


HackTheBox > Machines > OpenKeyS

Sat, 19 Sep 2020 21:13:00 +0000

Exploit an authentication bypass vulnerability and the CVE-2019-19520 vulnerability to get the user and root flags on an OpenBSD target.

Read more


TryHackMe > Jacob the Boss

Sat, 19 Sep 2020 08:17:00 +0000

Easy challenge around the discovery and exploitation of JBOSS vulnerabilities.

Read more


HackTheBox > Machines > Tabby

Thu, 17 Sep 2020 20:08:00 +0000

Easy difficulty challenge combining several interesting techniques enumeration, local file inclusion, password protected archive, upload of a reverse shell in the Tomcat manager, privilege escalation via custom image to exploit the lxd container.

Read more


HackTheBox > Machines > Cache

Thu, 17 Sep 2020 06:45:00 +0000

Medium difficulty challenge where you'll need to dicover hidden locations to discover credentials, reveal hidden virtual hosts, exploit a vulnerable application with SQL injection, find a remote execution exploit, exploit memcached and docker. A lot of content to learn!

Read more

Older entries »