Hello username.
welcome to this channel about different aspects of hacking. It’s planned to be a personal blog to share different writeups and resources, that might comes handy in your journey of penetration testing, exploit development, or bug bounty hunting.
Hack the planet!

Tags:
#hackthebox #tryhackme #vulnhub #exploitdev #nebula #review #pentest #cert #review #exploitdev #binaryexploitation #web #memes #malware #adventofhacking #conference #ctf #RE

I'd like to start with the classic. One of my very first writeups - Mister Robot.
#vulnhub #pentest
https://telegra.ph/Mister-Robot-writeup-09-20

An easy #hackthebox machine where you can practice your Active Directory pentest skills:
https://telegra.ph/Forest-writeup-09-21

Another "classic" Active Directory based machine from HTB. Both Sauna and Forest are currently listed in TJNull's list that can help you to prepare yourself for OSCP exam.

#pentest #ActiveDirectory #hackthebox
https://telegra.ph/Sauna-writeup-09-21

The list itself, in case if you don't know what I'm referring to. This is probably the best resource on your journey to become an #OSCP holder. There are both, #vulnhub and #hackthebox machines with different levels of difficulty. Bonus points for those who can actually figure out why each machine is listed there 😉
https://docs.google.com/spreadsheets/d/1dwSMIAPIam0PuRBkCiDI88pU3yzrqqHkDtBngUHNCw8

A bunch of next writeups will be for Offensive Pentesting learning path from #tryhackme. You can learn more about it here: https://tryhackme.com/path/outline/pentesting.
It's also a nice way to prepare yourself for the #OSCP exam, so I noted down almost all writeups for it as well.
Enjoy!

The Vulnversity will be the first machine in this series. It's a pretty classic exploitation path for the web server with further privilege escalation process via abusing the SUID bit on one of the binaries. For all machines in this series I put takeaways at the end of the writeup.

#tryhackme #pentest
https://telegra.ph/Vulnversity-09-22

Exploiting the legendary EternalBlue (CVE-2017-0144) vulnerability in this TryHackMe machine.

#pentest #tryhackme
https://telegra.ph/Blue-09-22-4

Kenobi is the third machine in TryHackMe’s Offensive pentesting path. Identifying and exploiting the vulnerability in FTP server. To escalate privileges to root you will need to use the combination of SUID binary and PATH variable.

#pentest #tryhackme
https://telegra.ph/Kenobi-09-22

Another Mr.Robot-themed machine. Exploiting the HTTP file server to get the initial shell, and finding a Unquoted Service Path vulnerability to privesc,

#tryhackme #pentest
https://telegra.ph/Steel-Mountain-09-23

From Mr.Robot to Batman! In Alfred you will need to exploit misconfigured Jenkins instance, and on a later stage impersonate a client with the SeImpersonatePrivilege role.

#tryhackme #pentest
https://telegra.ph/Alfred-09-23

Moar themed machines! Next in the line - IT. Bruteforcing our way into the web server, finding the exploit for Remote Code Execution, and getting the root by tampering the misconfigured service.

#tryhackme #pentest
https://telegra.ph/HackPark-09-23

Theme for the next machine is Hitman, as in this box you will be breaking into the forum about games.
SQL injection for the foothold, and quite tricky PrivEsc as I wanted to avoid using Metasploit.

#tryhackme #pentest
https://telegra.ph/Game-Zone-09-23

Dipping your toes into Digital Forensic just a bit. Analyzing the .pcap file to replicate attacker's action. This machine is different from others in this series, but it's worth checking.

#tryhackme #pentest
https://telegra.ph/Ovrpass2-09-23

Hacking Skynet in this Terminator-themed machine. A LOT of enumeration with a pinch of brute forcing. Exploitation is straight forward, PrivEsc part will...take some time 😉

#tryhackme #pentest
https://telegra.ph/Skynet-09-23

The machine that will force you to TRY HARDER

#tryhackme #pentest
https://telegra.ph/Relevant-09-23

The last writeup on Offensive Pentesting learning path from me. Kicking Wordpress and Jenkins instance in that one.

https://telegra.ph/Internal-09-23-2