
Hawat
Introduction In this walkthrough, I found a Nextcloud instance hosted as one of the web applications. I was able to log in using default credentials (admin:admin). Within the dashboard, I discover...

Introduction In this walkthrough, I discovered a web application hosted on an IIS 7.5 server. I performed IIS shortname enumeration and the server was actually vulnerable to it; feroxbuster revealed a...

Introduction In this walkthrough, I worked on an easy Linux machine from the HTB labs. I discovered a subdomain during enumeration and used git-dumper to extract the .git repository locally. Analy...

Introduction In this walkthrough, I worked on an intermediate-level Linux box from PG Practice named Hetemit. While enumerating the web application, I discovered an endpoint (/verify) that evaluat...

Introduction In this walkthrough, I worked on an easy Linux machine from HTB called Editorial. While analyzing the web application, I discovered an endpoint that made external HTTP requests — a cl...

Introduction In this walkthrough, I worked on the Nickel intermediate Windows machine from PG Practice. After discovering several open ports, I focused on port 8089, which hosted a DevOps dashboar...

Introduction In this walkthrough, I worked on the Mantis intermediate Linux machine from PG Practice. The target hosted Mantis Bug Tracker, and while several public exploits failed initially, I di...

Introduction In this walkthrough, I worked on the Hokkaido intermediate Active Directory machine from PG Practice. I began by enumerating usernames using Kerbrute, and then conducted password brut...

Introduction In this walkthrough, I worked on the Hepet intermediate Windows machine from PG Practice. While browsing the target’s website, I found a user password exposed in the team section’s de...

Introduction In this walkthrough, I explored the Vault hard Active Directory machine. During enumeration, I discovered a writable SMB share. By placing a malicious .lnk (shortcut) file on the shar...