
Networked
Introduction In this walkthrough, I exploited Networked, an easy-difficulty Linux machine vulnerable to a file upload bypass, which enabled me to upload a reverse shell and gain initial code execu...

Introduction In this walkthrough, I worked on Broker, an easy-difficulty Linux machine running a vulnerable version of Apache ActiveMQ. During enumeration, I identified the version in use and disc...

Introduction In this walkthrough, I gained remote code execution by chaining together a misconfigured Redis instance and an anonymous FTP service. The Redis server had the MODULE LOAD capability e...

Introduction In this walkthrough, I worked on Mailing, an easy-difficulty Windows machine running hMailServer. The machine also hosts a website vulnerable to Path Traversal. I exploited this vulne...

Introduction In this walkthrough, I exploited a Subrion CMS instance that was vulnerable to an authenticated file upload bypass, which allowed me to upload a malicious PHP file and achieve remote ...

Introduction In this walkthrough, I tackled Sauna, an easy-difficulty Windows machine focused on Active Directory enumeration and exploitation. I began by visiting the company’s website, where I f...

Introduction In this walkthrough, I began by scanning the target machine and found that ports 22 and 80 were open. Upon visiting port 80, I encountered a web application named MZEE-AV, which simul...

Introduction In this walkthrough, I started by scanning the target and found that ports 22 and 80 were open. Navigating to port 80, I discovered the application was running Laravel version 8.4.0. ...

Introduction In this walkthrough, I began by scanning the target machine and identified that ports 22, 9090, and 9091 were open. Navigating to port 9090, I discovered a web login console for the O...

Introduction In this walkthrough, I discovered that the target machine had multiple open ports, and navigating to port 80, I found a web interface for Elastix. I identified the application version...