s1gh.sh

Hack The Box: pivotapi

Sat, 06 Nov 2021 16:09:00 GMT

Writeup of the PivotAPI machine from Hack The Box

Hack The Box Business CTF 2021: BBQ

Mon, 26 Jul 2021 18:38:48 GMT

Writeup of the fullpwn challenge called BBQ from HackTheBox Business CTF 2021

Hack The Box Business CTF 2021: Larablog

Mon, 26 Jul 2021 17:53:27 GMT

Writeup of the web challenge called Emergency from HackTheBox Business CTF 2021

Hack The Box Business CTF 2021: Emergency

Sun, 25 Jul 2021 20:42:42 GMT

Writeup of the web challenge called Emergency from HackTheBox Business CTF 2021

Hack The Box Business CTF 2021: NoteQL

Sun, 25 Jul 2021 19:21:11 GMT

Writeup of the web challenge called NoteQL from HackTheBox Business CTF 2021

Hack The Box Business CTF 2021: Time

Sun, 25 Jul 2021 19:09:10 GMT

Writeup of the web challenge called Time from HackTheBox Business CTF 2021

Hack The Box Business CTF 2021: discordvm

Sun, 25 Jul 2021 18:34:55 GMT

Writeup of the misc challenge called discordvm from HackTheBox Business CTF 2021

Hack The Box: Breadcrumbs

Fri, 16 Jul 2021 18:55:00 GMT

New weekly challenge that contains forging of Json Web Tokens, bruteforcing of session cookies, SQLi and more.

Discord DLL Hijacking

Fri, 04 Jun 2021 09:57:04 GMT

By hijacking a DLL we can use Discord as a way of getting persistence on a compromised system. Nothing new but a fun experiment nonetheless.

PDF + JavaScript = MFT Corruption?

Sun, 24 Jan 2021 19:57:24 GMT

By embedding specially crafted JS into a PDF, we can trigger a recently discovered vulnerability in the NTFS driver and potentially corrupt the MFT.

CVE-2020-27985 - Security Onion - Local Privilege Escalation

Fri, 20 Nov 2020 15:41:41 GMT

Security Onion V2 prior to v2.3.10 ships with a sudo misconfiguration that lets local users get root by editing so-setup, no password needed.

Ho-Ho-Honeypot

Sun, 15 Nov 2020 20:48:31 GMT

The holiday season is nearly upon us and it's time to get into the christmas spirit. And what better way to do exactly that than to combine a christmas tree with cyber security?

TryHackMe: Ra

Thu, 16 Jul 2020 22:00:00 GMT

New weekly challenge on THM. This writeup covers CrackMapExec, Evil-WinRM, a new CVE in Spark and more.

ListCombine

Fri, 26 Jun 2020 20:18:18 GMT

So, this isn't a new, groundbreaking tool. Tools used to combine wordlists have existed since... forever. The problem is that I often find myself in the situation where I need a simple tool to create a combined wordlist, using either a prepend or append method.

TryHackMe: Wonderland

Fri, 05 Jun 2020 23:24:43 GMT

New week, new challenge. This is my writeup of the Wonderland machine.

CVE-2020-13448 - QuickBox - Authenticated RCE/Privilege Escalation

Fri, 29 May 2020 08:31:38 GMT

QuickBox CE <= v2.5.5 and QuickBox Pro <= 2.1.8 are both affected by an authenticated remote code execution (RCE) and privilege escalation vulnerability. A low-privileged user can execute arbitary commands on the server with the privileges of the user running the web server...

Hack The Box: RedCross

Sat, 13 Apr 2019 02:30:00 GMT

This is a writeup of the retired Hack The Box RedCross machine.

Vulnhub: DC-4

Tue, 09 Apr 2019 18:17:19 GMT

Writeup of DC-4 from Vulnhub. Another beginner-to-intermediate box from the DC series.

Lin.Security

Sat, 06 Apr 2019 19:55:09 GMT

Working through the Lin.Security box to practice Linux privilege escalation across a bunch of misconfigured SUDO entries.

Vulnhub: DC-3

Sat, 06 Apr 2019 15:51:54 GMT

Writeup of DC-3 from Vulnhub. One port, one flag, Joomla.

Vulnhub: DC-2

Sun, 24 Mar 2019 20:16:07 GMT

Today we are solving DC-2. This machine is created by DCAU7 who also created DC-1. Even though the machine is for beginners I figured I could try and solve it anyway.

Vulnhub: RootThis 1

Sat, 16 Mar 2019 22:51:50 GMT

Writeup of the RootThis: 1 machine from Vulnhub.

Vulnhub: unknowndevice64

Wed, 13 Mar 2019 21:30:55 GMT

Today we are solving "unknowndevice64" from Vulnhub - the most recent machine as of this writing.

Vulnhub: ch4inrulz: 1.0.1

Fri, 08 Mar 2019 21:21:46 GMT

Writeup of CH4INRULZ. LFI to image upload bypass to RCE, then DirtyCow for privilege escalation.

Vulnhub: digitalworld.local: MERCY v2

Sun, 03 Mar 2019 00:15:29 GMT

Writeup of MERCY v2 from digitalworld.local, a machine built for practicing OSCP-style enumeration and exploitation.

Vulnhub: Casino Royale 1

Sat, 02 Mar 2019 16:07:52 GMT

This is a writeup of the recently released Casino Royale: 1 machine from Vulnhub

Hack The Box: Sneaky

Thu, 10 Jan 2019 18:47:39 GMT

This is a writeup of the retired Hack The Box Sneaky machine.

Hack The Box: Devel

Wed, 09 Jan 2019 17:42:56 GMT

This is a writeup of the retired Hack The Box Devel machine.

Hack The Box: Jerry

Wed, 02 Jan 2019 19:36:55 GMT

This is a writeup of the retired Hack The Box Jerry machine.

Hack The Box: Waldo

Tue, 01 Jan 2019 09:28:00 GMT

This is a writeup of the retired Hack The Box Waldo machine.

Hack The Box: DevOops

Mon, 31 Dec 2018 13:48:00 GMT

This is a writeup of the retired Hack The Box Devoops machine.