
Monster
Introduction In this machine, I discovered an HTTP service running on port 80 and performed enumeration using Gobuster and manual inspection. This revealed a Monstra 3.0.4 CMS instance, which I acc...
Introduction In this guide, I discovered an HTTP service running on port 33414 and enumerated its API endpoints using Gobuster. By targeting the file-upload endpoint, I was able to upload files to ...
Introduction During enumeration, I identified ports 80, 33017, and 22 as open. Exploring the web services, I found a file manager that required email confirmation for my newly created user. Using B...
Introduction In this walkthrough, I encountered a WordPress site and gained access using credentials discovered in SMB shares. Once authenticated, I edited the index.php file of the active theme t...
Introduction In this walkthrough, I worked on an Intermediate Windows machine on HTB. I started by exploiting a CSRF vulnerability to craft a malicious password reset link and delivered it to a us...
Introduction In this walkthrough, I found a Nextcloud instance hosted as one of the web applications. I was able to log in using default credentials (admin:admin). Within the dashboard, I discover...
Introduction In this walkthrough, I discovered a web application hosted on an IIS 7.5 server. I performed IIS shortname enumeration and the server was actually vulnerable to it; feroxbuster revealed a...
Introduction In this walkthrough, I worked on an easy Linux machine from the HTB labs. I discovered a subdomain during enumeration and used git-dumper to extract the .git repository locally. Analy...
Introduction In this walkthrough, I worked on an intermediate-level Linux box from PG Practice named Hetemit. While enumerating the web application, I discovered an endpoint (/verify) that evaluat...
Introduction In this walkthrough, I worked on an easy Linux machine from HTB called Editorial. While analyzing the web application, I discovered an endpoint that made external HTTP requests — a cl...