
WriteUp – Quaoar (VulnHub)
Quaoar write-up (VulnHub): a simple machine for getting started in pentesting. We exploit WordPress with default credentials and upload a webshell for RCE, then escalate to root with DirtyCow.

Example of phishing in Windows 10 with a PDF and an embedded SettingContent-ms file, automatically executed by JavaScript when the document is opened.

Aragog write-up (HackTheBox): initial scan, XXE exploitation to read SSH keys, user access, WordPress modification to steal admin credentials and escalate to root. Intermediate level with a focus on XXE and creative post-exploitation.

Nightmare write-up (HackTheBox): high-difficulty Linux machine that exploits SQLi to extract credentials, obtains RCE via a modified 32-bit SFTP exploit, and escalates to root by reversing the Decoder binary and abusing the disk group with debugfs.

Olympus write-up (HackTheBox): medium-difficulty Linux machine that exploits Xdebug RCE to obtain an initial shell, cracks a WPA2 handshake for SSH credentials, uses port knocking to access port 2222, and escalates to root by mounting the host filesystem from a Docker container.

Practical guide to generating a malicious PDF that, when opened in Windows, forces NTLM authentication and captures the NET-NTLMv2 hash. Includes generation with modern tools, cracking with hashcat, and use of psexec. Updated with best practices and current alternatives.

Write-up of Nibbles (HackTheBox): simple Linux machine that exploits Nibbleblog 4.0.3 with leaked credentials and RCE via plugin upload, and escalates to root by abusing sudo in the monitor.sh script.

Poison write-up (HackTheBox): simple FreeBSD machine that exploits LFI in browse.php to poison Apache logs and obtain RCE, extracts credentials from pwdbackup.txt, and escalates to root via VNC with leaked password.

Complete guide to XSS vulnerabilities: types (Reflected, Stored, DOM-Based), filter bypass techniques, and payloads to evade validations and WAFs.

Falafel write-up (HackTheBox): high-difficulty Linux machine that exploits SQL injection + PHP type juggling to bypass login, uploads a webshell via wget + path truncation, and escalates to root via debugfs (disk group) to read /root.

Chatterbox write-up (HackTheBox): easy Windows machine that exploits a buffer overflow in AChat (CVE-2015-8295) to gain RCE, then escalates to SYSTEM by abusing the WinLogon registry and psexec.

Practical guide to creating a fake WiFi access point (Evil Twin / FakeAP) with Wifiphisher. We clone a hotel captive portal, deauthenticate users, and steal credentials. Updated with modern tools and ethical recommendations.