Mountaineer is a hard-rated TryHackMe machine that begins with discovering a WordPress site hosted on a vulnerable Nginx web server. The server is susceptible to Local File Inclusion (LFI) due to m...

Editorial is an easy machine by HackTheBox where We start by exploiting an SSRF vulnerability in a book cover upload feature, which reveals an internal open port. Using credentials leaked from an A...

Backtrack is a medium-rated TryHackMe machine focused on Local File Inclusion (LFI). It begins with exploiting an Aria2 web app vulnerable to LFI, leading to a Tomcat credentials leak and gaining a...

Blurry is a medium box on HTB where we discovered a ClearML application. By exploiting CVE-2024-24590, that was affecting the ClearML web app, we gained a reverse shell. For privilege escalation, w...

Pyrat is an easy-rated TryHackMe machine that simulates a running Python RAT on an open socket. The challenge involves leaking a GitHub account to gain access to the PyRat source code, which helps ...

The London Bridge is a TryHackMe Medium machine where we first start by discovering an internal web server through SSRF, finding a .ssh folder that contains a private key, making it into the machin...

Cheese CTF is a TryHackMe easy machine where it starts finding an LFI vulnerability leading to RCE, escalate our privileges through a writable authorized_keys for then to manipulate a .timer servic...

Breakme is a Medium Tryhackme room where we start by exploiting an outdated wordpress plugin to gain higher privileges, gaining a reverse shell we found an internal web server that’s vulnerable to ...

Hammer is a medium rated room on TryHackMe. The room starts with a web server on an unusual port having a login page and a reset password feature, enumerating the web server we found an email that ...

U.A. High School is an easy Tryhackme box where we start by finding a GET parameter that allows us to execute code, once in the box, we found a corrupted image that contains a user creds for then t...