Summary This machine involves exploiting an XSS vulnerability in a markdown file upload feature to perform directory traversal, leading to the discovery of an .htpasswd file. Cracking the hash wit...

Summary The machine on involves exploiting a Flask web app vulnerable to CVE-2024-23334 in pymatgen. Uploading a malicious CIF file with a reverse shell grants initial access as the app user. Port...

Summary This Windows machine involves exploiting a SQL injection in a web portal (watch.streamio.htb) to extract database credentials (nikk37:get_dem_girls2@yahoo.com). Using evil-winrm, access ni...

Summary Sightless (HTB) involves exploiting SQLPad (CVE-2022-0944) for RCE via Node.js injection, gaining a Docker shell. Cracking hashes with John yields SSH access as michael. A stored XSS (CVE-...

Summary Install Kerbrute on Kali ARM64: clone, modify Makefile (add arm64), compile, verify. Enables Kerberos brute-force testing. └─# git clone https://github.com/ropnop/kerbrute.git Cloning int...

Summary Chatterbox involves exploiting a Windows 7 system. Initial enumeration reveals the AChat service (port 9256) vulnerable to a Remote Buffer Overflow (CVE-2015-1578). Using a public exploit,...

Summary Scrambled begins with enumerating a Domain Controller, discovering valid users via Kerbrute. Forcing Kerberos authentication with impacket-smbclient reveals an SMB share containing a PDF h...

Summary An attacker enumerates SMB, finding a share with UserInfo.exe. Decompiling it reveals LDAP credentials (support\ldap). LDAP queries expose the support user’s password in the info field. Us...

Summary Resource-Based Constrained Delegation (RBCD) is a feature in Active Directory (AD) that allows a service to delegate access to another service on behalf of a user. Creating a Machine Acco...

Summary The machine begins with port scans revealing SSH (22), HTTP (80/64999). The web app on port 80 uses IronWAF, with a vulnerable room.php parameter (cod) allowing SQL injection via UNION-bas...