Recent Writeups:

12 Dec 2022
Your SYSTEM access does not impress me.windows iot-core sirep-rat netcat hashcat pscredential

02 Dec 2022
Knock, knock, knockin' on ssh's door.linux password-cracking lfi phpliteadmin rce strings port-knocking chkrootkit

02 Nov 2022
Exploits as boundless as the sea.windows iis file-upload reverse-shell powershell ms10-059

27 Oct 2022
Priority message for Mr. dot-dot-slash-dot-dot-slash..linux apache-james bash-completion rce cron

18 Oct 2022
Optical Exploit Recognition, so hot right now.linux ocr ssti reverse-shell pam

25 Jul 2022
Please enter your preferred method of exploit, followed by the pound sign.linux elastix freepbx lfi rce sudo nmap



12 Jul 2022
All couples eventually look the same.windows webdav token-kidnapping windows-exploit-suggester


06 Jul 2022
Don't believe the hIPe.linux nibbleblog brute-force ip-spoofing file-upload sudo

29 Jun 2022
A volatile situation.windows iis oracle odat reverse-shell volatility pass-the-hash

28 Jun 2022
Tick, shell, tick, shell..linux dns zone-transfer command-injection reverse-shell crontab

27 Jun 2022
Meterpreter-free shells all the way down.windows anonymous-ftp asp powershell ms11-046


20 Jun 2022
Good evening sir, may I take your coat and hash?windows jenkins powershell keepass john pass-the-hash alternate-data-streams


08 Jun 2022
Blame the contractor is still as convenient as ever.windows active-directory rpc password-spraying powershell-logs bloodhound dll-injection

02 Jun 2022
A potato by any other name would be as sw33t.windows drupal powershell chisel netcat juicy-potato

24 May 2022
/msg administrator time to change your password?windows achat buffer-overflow wdigest impacket

23 May 2022
/proc/and/roll!linux feroxbuster api-hacking proc reverse-shell password-reuse

17 May 2022
A history of bad security practices.linux feroxbuster openssl heartbleed tmux


10 May 2022
What, you've never seen the user-agent() { :;};before?
linux apache cgi-bin shellshock sudo

09 May 2022
Some encryption algorithms with believe anything they read.windows active-directory smb gpp as-rep-roasting impacket hashcat

04 May 2022
This isn't the password entry field you're looking for.windows nfs backup hashcat metasploit team-viewer

26 Apr 2022
Cloudy, with a chance of command injection.netbsd lua command-injection example-credentials gnupg doas

20 Apr 2022
The favicon is mightier than the sword.windows smb responder ntlmv2 hashcat meterpreter printer dll-hijacking

11 Apr 2022
Take this SSTI and callback in the morning.linux burp-suite ssti splunk-forwarder rce

07 Apr 2022
Elementary my dear Watson... Watson? Watson?windows hfs command-injection winpeas ms16-032

29 Mar 2022
Mind the rabbit-holes and follow the saved creds to the End World.linux wordpress phpmyadmin password re-use sudo

24 Feb 2022
It's getting hot in here.. so take off all your pre-authentication!windows active-directory asreproasting kerberoasting crackmapexec bloodhound mimikatz dcsync

21 Feb 2022
Don't lose sight of the forest for the admin session.windows active-directory asreproasting bloodhound dcsync impacket

18 Feb 2022
HTB Bank - probably not where you want to keep your money.linux burp-suite file-upload web-shell linpeas setuid

17 Feb 2022
Can't find the method of automation? Doesn't mean it's not there.linux web-shell sudo cron

14 Feb 2022
New year, (kind of) a new password.windows config-backup password-incrementing psexec

09 Feb 2022
Traverse your way around to some poorly-managed creds, before exploiting a local network monitoring service.
windows anonymous-ftp directory-traversal nscp

06 Feb 2022
Quirky, *nix-like box that rewards thorough enumeration and attention to detail.chrome-os wordpress auto-login initctl

04 Feb 2022
A wide-open tomcat server that you can easily declare .WAR on!windows apache-tomcat reverse-shell

02 Feb 2022
People are often the weakest part of any system's security - it pays to remember that for this box.linux sql-injection password-reuse

30 Jan 2022
Neat collection of browser-based security tools, that can be turned against the box with the right input.linux reverse-shell command-injection metasploit

26 Jan 2022
Battle Windows Defender & AMSI to get through the door, then let the user's poor choice of downloads take care of the rest.windows exploitdb powershell chisel buffer-overflow

14 Jan 2022
Vote 1 - Unvalidated file uploads!windows nmap ssrf always-install-elevated

12 Jan 2022
Good News Everyone! Target seems to be exploitable (Code execution)! w00hooOO!drupal rce hashcat snap

10 Jan 2022
Blue is a Windows-based machine authored by ch4p, with an average rating of 4.5 stars.
smb eternal-blue metasploit

10 Nov 2021
Secret is a Linux-based machine authored by z9fr, with an average rating of 4.1 stars.
jwt git setuid core-dump strings

10 Nov 2021
Previse is a Linux-based machine authored by m4lwhere, with an average rating of 4.4 stars.
linux burp-suite reverse-shell john-the-ripper linpeas sudo

09 Nov 2021
Pretium is a Windows-based investigation authored by BTLO.
windows malware powershell wireshark tshark cyberchef

05 Nov 2021
Horizontall is a Linux-based machine authored by wail99, with an average rating of 4.2 stars.
linux gobuster chisel laravel

01 Nov 2021
Phishy is a Linux-based investigation authored by BTLO.
linux osint

28 Oct 2021
Explore is an Android-based machine authored by bertolis, with an average rating of 4.1 stars.
android nmap metasploit adb

27 Oct 2021
Investigating Windows is a forensics room that involves determining the extent of compromise of a Windows host.
windows powershell event-viewer task-scheduler mimikatz c2

26 Oct 2021
BountyHunter is a Linux-based machine authored by ejedev, with an average rating of 4.5 stars.
burp-suite cyber-chef linux nmap python xml xxe

24 Oct 2021
Knife is a Linux-based machine authored by MrKN16H7, with an average rating of 3.5 stars.
burp-suite gtfo knife linux nmap php sudo