Banner image Don't give up, try again.
  • Home
  • Cheatsheets
  • Reports
  • Articles
  • About me
  • Support
  • Login
Post cover

HackMyVM - MagiFi

MagiFi is a machine with vulnerabilities like SSTI for remote execution, credential capture via WiFi attacks, and privilege escalation using a malicious binary disguised as a PNG.
Post cover

Vulnlab - Breach

This post describes a complete attack chain executed in a practice lab environment. The process began with enumerating exposed services, followed by exploiting writable SMB shares to capture NTLMv2 hashes. The credentials obtained were used to perform Kerberoasting, and the cracked service account credentials facilitated a Silver Ticket attack to gain administrative control. Each step is detailed below, highlighting the vulnerabilities and exploitation techniques.
Post cover

Vulnlab - Trusted

This report outlines the exploitation and escalation of a multi-domain Active Directory environment involving two servers: labdc.lab.trusted.vl and trusteddc.trusted.vl. The attack progression includes LFI (Local File Inclusion) leading to credential disclosure on labdc.lab.trusted.vl, command injection through database manipulation, credentials extraction to lateral movement and Cross-Domain Escalation using Golden Ticket.
Post cover

Vulnlab - Hybrid

This write-up outlines the exploitation and escalation of a vulnerable infrastructure consisting of two hosts mail01.hybrid.vl and DC01.hybrid.vl. Key vulnerabilities include NFS Misconfiguration leading to file access and impersonation, command injection in a RoundCube plugin, Weak certificate template permissions allowing privilege escalation via ESC1 and Kerberos credential extraction enabling further lateral movement.
Post cover

Vulnlab - Bamboo

This write-up documents the process of identifying and exploiting vulnerabilities on a server hosting a Squid proxy and a vulnerable instance of PaperCut NG. Privilege escalation is achieved by leveraging weak file permissions and a misconfigured scheduled execution of a trusted binary.
Post cover

Vulnlab - Baby2

This write-up details the exploitation of a Windows domain controller vulnerable to several misconfigurations, leveraging SMB access, password spraying, and GPO abuse to escalate privileges from a low-privileged user to domain administrator.
Post cover

Vulnlab - Sync

This post details the exploitation of a Linux server running FTP, HTTP, Rsync, and SSH services. The attack involves leveraging the Rsync service to retrieve sensitive information, crack hashed credentials, and ultimately escalate privileges to root.
Post cover

Vulnlab - Retro2

This post details the steps followed during the exploitation of a machine in a penetration testing lab. The process covers initial reconnaissance, enumeration, exploitation, and privilege escalation to achieve full control over the target system.
Post cover

Vulnlab - Retro

This write-up documents the exploitation of a simulated Active Directory (AD) environment in a practice lab. The goal was to identify vulnerabilities and escalate privileges to the domain administrator level while leveraging various enumeration, exploitation, and post-exploitation techniques.
Post cover

Vulnlab - Manage

This write-up covers the exploitation of a vulnerable Ubuntu-based environment featuring Java RMI, Apache Tomcat, and OpenSSH services. The goal is to identify misconfigurations, gain initial access, and escalate privileges to the root user.