Introduction Timelapse is an easy-difficulty Windows machine where enumeration of an SMB share leads to a password-protected zip file. Cracking the zip file reveals an encrypted PFX certificate, w...

Introduction Monteverde is a Medium-difficulty Windows machine centered around Azure AD Connect. After enumerating domain users, a password spray attack revealed that the SABatchJobs account used ...

Introduction While working on a PG practice intermediate Active Directory machine, I found that LDAP anonymous bind was enabled. This allowed me to enumerate user accounts, where one had a passwor...

Introduction On this intermediate-level PG practice Linux machine, I discovered two web application endpoints—one vulnerable to Directory Traversal and the other requiring authentication for Remot...

Introduction On this intermediate-level PG practice Linux machine, I discovered a zip file containing an SSH private key exposed in a web-accessible directory. The key was restricted to scp usage o...

Introduction On this intermediate-level PG practice Linux box, I discovered email-related ports (SMTP, IMAP, POP3) were open. Using SMTP user enumeration, I harvested valid usernames and then perf...

Introduction On this hard PG practice Linux box, I discovered a Cassandra Web interface vulnerable to Local File Inclusion (LFI). Using LFI, I extracted the FreeSWITCH event_socket password and ga...

Introduction On this intermediate-level PG Practice Linux box, I identified a vulnerable TeamCity instance. After enabling debug mode, I exploited it to gain a reverse shell. While enumerating, I ...

Introduction On this intermediate PG Practice Linux box, I discovered a vulnerable LimeSurvey instance, which I exploited to gain initial access. During enumeration, I found plaintext credentials ...

Introduction On this intermediate-level Linux machine from PG Practice, I identified a file upload vulnerability that, when chained with directory traversal and Local File Inclusion (LFI), allowed...