HackTheBox: Sightless
Sightless is a HackTheBox easy machine where we began by enumerating open ports, revealing FTP, SSH, and a web server. The web server hosted a SQLPad instance vulnerable to CVE-2022-0944, which we ...
Table of Contents: Introduction, Personal Experience, Training and Preparation, Effective Note-Taking Strategies, Strengths, Drawbacks, eCPPT v3 vs. v2, Useful Resources and References ...
Sea is a HackTheBox easy machine where we started by exploiting a vulnerability in WonderCMS to gain a reverse shell. From there, a hash was found and we were able to retrieve its plain-text value g...
GreenHorn is an easy machine by HackTheBox where we are dealing with a Pluck web application. Digging around, we find the source code of the web app, and from there we gain access to the admin panel where we...
Whiterose is an easy-rated TryHackMe machine where we first start by discovering a subdomain. Using provided credentials, we were able to log in to the web application, discovering an IDOR vulnerab...
Mountaineer is a hard-rated TryHackMe machine that begins with discovering a WordPress site hosted on a vulnerable Nginx web server. The server is susceptible to Local File Inclusion (LFI) due to m...
Editorial is an easy machine by HackTheBox where we start by exploiting an SSRF vulnerability in a book cover upload feature, which reveals an internal open port. Using credentials leaked from an A...
Backtrack is a medium-rated TryHackMe machine focused on Local File Inclusion (LFI). It begins with exploiting an Aria2 web app vulnerable to LFI, leading to a Tomcat credentials leak and gaining a...
Blurry is a medium box on HTB where we discovered a ClearML application. By exploiting CVE-2024-24590, which affected the ClearML web app, we gained a reverse shell. For privilege escalation, w...
Pyrat is an easy-rated TryHackMe machine that simulates a running Python RAT on an open socket. The challenge involves leaking a GitHub account to gain access to the PyRat source code, which helps ...