puppy is an assume-breach medium windows box where you’re given the credentials of levi.james, I started with exploiting a GenericWrite to add my user to the DEVELOPERS groups and gain access to t...

planning is an assume-breach box where you’re given the credentials of admin, which at first is not apparent where to use them. The box had a Grafana instance running that was vulnerable to CVE-202...

fluffy is an assume-breach box where you’re given the credentials of j.fleischman, for this box I exploited CVE-2025-24071 to get p.agila’s credentials, then I abused a few GenericWrites to work my...

for this box, I exploited an XXE to get web credentials for tornado, then achieved code execution trough exploiting an SSTI, after getting a shell I injected a stager shellcode I wrote into a root ...

Codify recon I ran a simple nmap scan to find out port 22, 80 and 3000 are running on the machine $ nmap 10.10.11.239 Starting Nmap 7.94 ( https://nmap.org ) at 2023-11-28 13:40 +01 Nmap scan re...

pilgrimage recon examining the I ran a simple nmap scan to find out port 22 and 80 are running on the machine $ nmap -v -oN ports -v 10.10.11.219 # Nmap 7.94 scan initiated Sat Jul 8 20:01:58 ...

b3dr0ck recon I added the machine’s IP to my /etc/hosts as bedrock.thm then ran an nmap scan to find ssh and http ports open $ sudo nmap bedrock.thm -v PORT STATE SERVICE 22/tcp open ssh...

recon I added the machine’s IP to my /etc/hosts as nope.thm then ran an nmap scan to find ssh and http ports open $ sudo nmap nope.thm -v PORT STATE SERVICE 22/tcp open ssh 80/tcp open http...

recently I’ve played ransomware101 room in secdojo website where I was given a windows box that has a flag ecrypted by a ransomware, and I had to figure out the decryption key to recover it, the ra...

Written by hypervis0r and Jeff Introduction It was a cold winter morning. hypervis0r had just woken up at 1 AM because his sleep schedule was royally fucked, and he hopped onto the private phaset...