Recent Writeups:
12 Dec 2022
Your SYSTEM access does not impress me.windows iot-core sirep-rat netcat hashcat pscredential
02 Dec 2022
Knock, knock, knockin' on ssh's door.linux password-cracking lfi phpliteadmin rce strings port-knocking chkrootkit
02 Nov 2022
Exploits as boundless as the sea.windows iis file-upload reverse-shell powershell ms10-059
27 Oct 2022
Priority message for Mr. dot-dot-slash-dot-dot-slash..linux apache-james bash-completion rce cron
18 Oct 2022
Optical Exploit Recognition, so hot right now.linux ocr ssti reverse-shell pam
25 Jul 2022
Please enter your preferred method of exploit, followed by the pound sign.linux elastix freepbx lfi rce sudo nmap
12 Jul 2022
All couples eventually look the same.windows webdav token-kidnapping windows-exploit-suggester
06 Jul 2022
Don't believe the hIPe.linux nibbleblog brute-force ip-spoofing file-upload sudo
29 Jun 2022
A volatile situation.windows iis oracle odat reverse-shell volatility pass-the-hash
28 Jun 2022
Tick, shell, tick, shell..linux dns zone-transfer command-injection reverse-shell crontab
27 Jun 2022
Meterpreter-free shells all the way down.windows anonymous-ftp asp powershell ms11-046
20 Jun 2022
Good evening sir, may I take your coat and hash?windows jenkins powershell keepass john pass-the-hash alternate-data-streams
08 Jun 2022
Blame the contractor is still as convenient as ever.windows active-directory rpc password-spraying powershell-logs bloodhound dll-injection
02 Jun 2022
A potato by any other name would be as sw33t.windows drupal powershell chisel netcat juicy-potato
24 May 2022
/msg administrator time to change your password?windows achat buffer-overflow wdigest impacket
23 May 2022
/proc/and/roll!linux feroxbuster api-hacking proc reverse-shell password-reuse
17 May 2022
A history of bad security practices.linux feroxbuster openssl heartbleed tmux
10 May 2022
What, you've never seen the user-agent() { :;}; before?
linux apache cgi-bin shellshock sudo
09 May 2022
Some encryption algorithms with believe anything they read.windows active-directory smb gpp as-rep-roasting impacket hashcat
04 May 2022
This isn't the password entry field you're looking for.windows nfs backup hashcat metasploit team-viewer
26 Apr 2022
Cloudy, with a chance of command injection.netbsd lua command-injection example-credentials gnupg doas
20 Apr 2022
The favicon is mightier than the sword.windows smb responder ntlmv2 hashcat meterpreter printer dll-hijacking
11 Apr 2022
Take this SSTI and callback in the morning.linux burp-suite ssti splunk-forwarder rce
07 Apr 2022
Elementary my dear Watson... Watson? Watson?windows hfs command-injection winpeas ms16-032
29 Mar 2022
Mind the rabbit-holes and follow the saved creds to the End World.linux wordpress phpmyadmin password re-use sudo
24 Feb 2022
It's getting hot in here.. so take off all your pre-authentication!windows active-directory asreproasting kerberoasting crackmapexec bloodhound mimikatz dcsync
21 Feb 2022
Don't lose sight of the forest for the admin session.windows active-directory asreproasting bloodhound dcsync impacket
18 Feb 2022
HTB Bank - probably not where you want to keep your money.linux burp-suite file-upload web-shell linpeas setuid
17 Feb 2022
Can't find the method of automation? Doesn't mean it's not there.linux web-shell sudo cron
14 Feb 2022
New year, (kind of) a new password.windows config-backup password-incrementing psexec
09 Feb 2022
Traverse your way around to some poorly-managed creds, before exploiting a local network monitoring service.
windows anonymous-ftp directory-traversal nscp
06 Feb 2022
Quirky, *nix-like box that rewards thorough enumeration and attention to detail.chrome-os wordpress auto-login initctl
04 Feb 2022
A wide-open tomcat server that you can easily declare .WAR on!windows apache-tomcat reverse-shell
02 Feb 2022
People are often the weakest part of any system's security - it pays to remember that for this box.linux sql-injection password-reuse
30 Jan 2022
Neat collection of browser-based security tools, that can be turned against the box with the right input.linux reverse-shell command-injection metasploit
26 Jan 2022
Battle Windows Defender & AMSI to get through the door, then let the user's poor choice of downloads take care of the rest.windows exploitdb powershell chisel buffer-overflow
14 Jan 2022
Vote 1 - Unvalidated file uploads!windows nmap ssrf always-install-elevated
12 Jan 2022
Good News Everyone! Target seems to be exploitable (Code execution)! w00hooOO!drupal rce hashcat snap
10 Jan 2022
Blue is a Windows-based machine authored by ch4p, with an average rating of 4.5 stars.
smb eternal-blue metasploit
10 Nov 2021
Secret is a Linux-based machine authored by z9fr, with an average rating of 4.1 stars.
jwt git setuid core-dump strings
10 Nov 2021
Previse is a Linux-based machine authored by m4lwhere, with an average rating of 4.4 stars.
linux burp-suite reverse-shell john-the-ripper linpeas sudo
09 Nov 2021
Pretium is a Windows-based investigation authored by BTLO.
windows malware powershell wireshark tshark cyberchef
05 Nov 2021
Horizontall is a Linux-based machine authored by wail99, with an average rating of 4.2 stars.
linux gobuster chisel laravel
01 Nov 2021
Phishy is a Linux-based investigation authored by BTLO.
linux osint
28 Oct 2021
Explore is an Android-based machine authored by bertolis, with an average rating of 4.1 stars.
android nmap metasploit adb
27 Oct 2021
Investigating Windows is a forensics room that involves determining the extent of compromise of a Windows host.
windows powershell event-viewer task-scheduler mimikatz c2
26 Oct 2021
BountyHunter is a Linux-based machine authored by ejedev, with an average rating of 4.5 stars.
burp-suite cyber-chef linux nmap python xml xxe
24 Oct 2021
Knife is a Linux-based machine authored by MrKN16H7, with an average rating of 3.5 stars.
burp-suite gtfo knife linux nmap php sudo