Filtering by category tryhackme

• 

  Library

  Brute forcing SSH access and escalating using a poorly configured sudo rule

  December 27, 2024
• 

  CyberLens

  Exploiting Apache Tika 1.17 with MetaSploit and abusing `AlwaysInstallElevated` to escalate to SYSTEM

  December 26, 2024
• 

  TryHack3M: Bricks Heist

  Exploiting Wordpress v1.9.5 (CVE-2024-25600) and blockchain forensics

  December 19, 2024
• 

  Pyrat

  RCE through an open port which executes Python code, finding credentials in a Git config file and brute forcing a Python service

  December 17, 2024
• 

  Lookup

  Using FFUF to brute force a user name and password and abusing a binary to read files as root

  December 16, 2024
• 

  The Sticker Shop

  Basic XSS in through a form

  December 16, 2024
• 

  Whiterose

  Vhost fuzzing, Server-side template injection (STTI) for EJS and privilege escalation through sudoedit

  November 8, 2024
• 

  Anonforce

  Anonymous FTP access and cracking a private GPG key file

  August 27, 2024
• 

  Brooklyn Nine Nine

  Steganography and a GTFOBin for Nano and Less

  August 26, 2024
• 

  U.A. High School

  RCE through a hidden command injection parameter, finding credetials with steghide on an image and privilege escalation through a bash script with sudo permissions

  August 25, 2024