Filtering by category tryhackme

• 

  MD2PDF

  Injecting an iframe in a markdown file to gain access to an HTTP server which only allows connections from localhost

  May 17, 2024
• 

  Agent Sudo

  Password attack with hydra and stegseek

  January 4, 2024
• 

  GamingServer

  Finding an encrypyed SSH key and dictionary and escalating through LXC

  January 4, 2024
• 

  Brute It

  HTTP post form attack with Hydra and cat-ing passwd and the shadow file

  January 4, 2024
• 

  ConvertMyVideo

  Remote file execution through an api

  December 21, 2023
• 

  Hacker vs Hacker

  Gaining access to an already compromised machine and stopping a script that tries to kick us out

  September 15, 2023
• 

  Lesson Learned

  SQL injection using `AND 1=1-- -` instead of `OR 1=1-- -`

  September 11, 2023
• 

  Cat Pictures 2

  Security through obscurity, exploiting a Ansible playbook script and a kernel exploit

  August 7, 2023
• 

  LazyAdmin

  RCE through command injection and priv esc through a backup script we can write to

  June 30, 2023
• 

  Kiba

  Exploiting Kibana Timelion to get a reverse shell and escalating with cap_setuid in Python

  June 30, 2023