Data – Easy Machine (Hack The Box, VL): A very-easy-difficulty machine from the VulnLab on Hack The Box. In this box, we exploit a known LFI vulnerability in Grafana, then escalate privileges via ...

Introduction: Hack The Box is a platform where people learn hacking and sharpen their offensive security skills. It’s well-regarded—not just by the community, but even listed on Microsoft’s MSRC L...

Box Info: The box is fairly simple, A webapp is being hosted which reveals another one, 2nd webapp has LFI which can be exploited to read the creds of tom user to login in tomcat instance, which is...

Box Info: Sea was an easy simple box featuring WonderCMS which is vulnerable to XSS and can be leveraged to RCE via uploading a malicious module. Enumerating system further, A database file can be ...

Box Info: Editorial was an easy box which featured a book publishing website vulnerable to SSRF. it can be used to gain access to internal API, Access to local API can reveal SSH cerds to the machi...

Box Info: Codfiy was an easy linux box featuring a web application where user can test Node.js code. Web application uses a vulnerable library vm2 which can be exploited to get a shell. Enumerating...

Privilege escalation with pacman. Pacman is Arch Linux’s package manager for installing, updating, and managing software with .pkg.tar.zst files via a simple command-line interface, If the us...

Box Info: Boardlight was an easy Linux box running a Dolibarr instance vulnerable to CVE-2023-30253. After gaining a foothold as www-data, the configuration files revealed plaintext credentials, le...

Box Info: Headless is an Easy Linux box features a simple web application which is vulnerable to Blind-XSS, With a simple payload XSS in Request header can get admin cookie, which then can be used ...

Using Parrot OS is fun on Hyper-V which is really fast compare to other hypervisors, but we can’t have an Enhanced Session in HyperV with Parrot OS Which leads to us not being able to copy paste so...