
Sybaris
Introduction In this walkthrough, I gained remote code execution by chaining together a misconfigured Redis instance and an anonymous FTP service. The Redis server had the MODULE LOAD capability e...
Introduction In this walkthrough, I worked on Mailing, an easy-difficulty Windows machine running hMailServer. The machine also hosts a website vulnerable to Path Traversal. I exploited this vulne...
Introduction In this walkthrough, I exploited a Subrion CMS instance that was vulnerable to an authenticated file upload bypass, which allowed me to upload a malicious PHP file and achieve remote ...
Introduction In this walkthrough, I tackled Sauna, an easy-difficulty Windows machine focused on Active Directory enumeration and exploitation. I began by visiting the company’s website, where I f...
Introduction In this walkthrough, I began by scanning the target machine and found that ports 22 and 80 were open. Upon visiting port 80, I encountered a web application named MZEE-AV, which simul...
Introduction In this walkthrough, I started by scanning the target and found that ports 22 and 80 were open. Navigating to port 80, I discovered the application was running Laravel version 8.4.0. ...
Introduction In this walkthrough, I began by scanning the target machine and identified that ports 22, 9090, and 9091 were open. Navigating to port 9090, I discovered a web login console for the O...
Introduction In this walkthrough, I discovered that the target machine had multiple open ports, and navigating to port 80, I found a web interface for Elastix. I identified the application version...
Introduction In this walkthrough, I exploited a PG Practice machine running BoxBilling CMS. Upon scanning the target, I identified ports 22 (SSH) and 80 (HTTP) as open. After resolving the domain ...
Introduction In this walkthrough, I explored an intentionally vulnerable PG Practice machine and identified several open ports: 22 (SSH), 80 (HTTP), 8080 (alternate HTTP), and 6379 (Redis). Upon e...