Filtering by category tryhackme

• 

  Easy Peasy

  Finding hidden directories, using steghide and abusing a cronjob to escalate to root

  August 23, 2024
• 

  TakeOver

  Vhost / subdomain enumeration and domain takeover

  August 7, 2024
• 

  Enumeration & Brute Force

  Brute forcing basic auth with Hydra and a OTP with a custom python script

  August 3, 2024
• 

  Publisher

  Exploiting SPIP 4.2.0 (CVE-2023-27372) and privilege escalation through Docker

  August 2, 2024
• 

  mKingdom

  Using default credentials to access the CMS, uploading a malicious PHP file to get RCE and escalating privileges using write access to /etc/hosts

  June 28, 2024
• 

  Cyborg

  Cracking the password of a Borg archive and abusing permissions to execute code as root

  May 18, 2024
• 

  Ignite

  Exploiting FuleCMS v1.4 and escalating to root with password reuse

  May 18, 2024
• 

  MD2PDF

  Injecting an iframe in a markdown file to gain access to an HTTP server which only allows connections from localhost

  May 17, 2024
• 

  Agent Sudo

  Password attack with hydra and stegseek

  January 4, 2024
• 

  GamingServer

  Finding an encrypyed SSH key and dictionary and escalating through LXC

  January 4, 2024