Cicada is an easy HackTheBox machine which simulates an Active Directory environment where we first start by enumerating SMB shares and users available on the box finding a user credentials that al...

Caption is a HackTheBox hard machine where we discovered SSH, HTTP, and GitBucket services. We exploited a GitBucket vulnerability to gain access to the system and found a LogService flaw that allo...

MonitorsThree is a Medium HackTheBox machine where we start by enumerating a web server finding an SQLi that leads to data leak for then gaining a reverse shell by exploiting a vulnerability in cac...

Sightless is a HackTheBox easy machine where we began by enumerating open ports, revealing FTP, SSH, and a web server. The web server hosted a SQLPad instance vulnerable to CVE-2022-0944, which we ...

Table of Contents Introduction Personal Experience Training and Preparation Effective Note-Taking Strategies Strengths Drawbacks eCPPT v3 vs. v2 Useful Resources and References ...

Sea is a HackTheBox easy machine where we started by exploiting a vulnerability in WonderCMS gaining a reverse shell, from there a hash was found and we were able to retrieve its plain-text value g...

GreenHorn is an easy machine by HackTheBox where we are dealing with a Pluck web application, digging around we find the source code of the web app from there we gain access to admin panel where we...

Whiterose is a easy-rated TryHackMe machine where we first start by discovering a subdomain, using provided credentials we were able to log in into the web application, discovering an IDOR vulnerab...

Mountaineer is a hard-rated TryHackMe machine that begins with discovering a WordPress site hosted on a vulnerable Nginx web server. The server is susceptible to Local File Inclusion (LFI) due to m...

Editorial is an easy machine by HackTheBox where We start by exploiting an SSRF vulnerability in a book cover upload feature, which reveals an internal open port. Using credentials leaked from an A...