
Hutch
Introduction While working on a PG practice intermediate Active Directory machine, I found that LDAP anonymous bind was enabled. This allowed me to enumerate user accounts, where one had a passwor...
Introduction On this intermediate-level PG practice Linux machine, I discovered two web application endpoints—one vulnerable to Directory Traversal and the other requiring authentication for Remot...
Introduction On this intermediate-level PG practice Linux machine, I discovered a zip file containing an SSH private key exposed in a web-accessible directory. The key was restricted to scp usage o...
Introduction On this intermediate-level PG practice Linux box, I discovered email-related ports (SMTP, IMAP, POP3) were open. Using SMTP user enumeration, I harvested valid usernames and then perf...
Introduction On this hard PG practice Linux box, I discovered a Cassandra Web interface vulnerable to Local File Inclusion (LFI). Using LFI, I extracted the FreeSWITCH event_socket password and ga...
Introduction On this intermediate-level PG Practice Linux box, I identified a vulnerable TeamCity instance. After enabling debug mode, I exploited it to gain a reverse shell. While enumerating, I ...
Introduction On this intermediate PG Practice Linux box, I discovered a vulnerable LimeSurvey instance, which I exploited to gain initial access. During enumeration, I found plaintext credentials ...
Introduction On this intermediate-level Linux machine from PG Practice, I identified a file upload vulnerability that, when chained with directory traversal and Local File Inclusion (LFI), allowed...
Introduction EscapeTwo is an easy difficulty Windows Active Directory machine focused on chained misconfigurations leading to domain compromise. The scenario starts with provided credentials for a...
Introduction CozyHosting is an easy-difficulty Linux machine featuring a vulnerable Spring Boot application with the Actuator endpoint exposed. By enumerating this endpoint, a user session cookie ...