Summary This machine involves exploiting an XSS vulnerability in a markdown file upload feature to perform directory traversal, leading to the discovery of an .htpasswd file. Cracking the hash wit...

Summary The machine on involves exploiting a Flask web app vulnerable to CVE-2024-23334 in pymatgen. Uploading a malicious CIF file with a reverse shell grants initial access as the app user. Port...

Summary Install Kerbrute on Kali ARM64: clone, modify Makefile (add arm64), compile, verify. Enables Kerberos brute-force testing. └─# git clone https://github.com/ropnop/kerbrute.git Cloning int...

Summary Scrambled begins with enumerating a Domain Controller, discovering valid users via Kerbrute. Forcing Kerberos authentication with impacket-smbclient reveals an SMB share containing a PDF h...

Summary An attacker enumerates SMB, finding a share with UserInfo.exe. Decompiling it reveals LDAP credentials (support\ldap). LDAP queries expose the support user’s password in the info field. Us...

Summary Resource-Based Constrained Delegation (RBCD) is a feature in Active Directory (AD) that allows a service to delegate access to another service on behalf of a user. Creating a Machine Acco...

Summary The machine begins with port scans revealing SSH (22), HTTP (80/64999). The web app on port 80 uses IronWAF, with a vulnerable room.php parameter (cod) allowing SQL injection via UNION-bas...

Summary A pfSense firewall (HTTPS) with default credentials (admin:pfsense) on port 443 is vulnerable to CVE-2014-4688 (graph injection). Exploiting via Metasploit grants root access. Sensitive fi...