___               _   ___   ___ 
|  _|_____ ___ ___| |_|_  | |  _|
|  _|     | .'|_ -|   |_| |_| . |
|_| |_|_|_|__,|___|_|_|_____|___|
                 u/fmash16's page

TryHackMe - CMesS Writeup

A linux machine running Gila CMS having subdomains. Privesc using wildcard tar cronjob
KEYWORDS: [ Gila CMS, subdomain, wfuzz, php, wildcard, tar, crontab, linux, mysqldump, fuzzing ]

Hackthebox - Blunder Writeup

An easy difficulty linux box
KEYWORDS: [ bludit cms, fuzzing, cewl, sudo, privesc ]

Hackthebox - Montevarde Writeup

A medium difficulty windows box exploited through ldap and azure.
KEYWORDS: [ ldap, ad, azure, azure ad connect, powershell, crackmapexec ]

Hackthebox - Resolute Writeup

A medium hard box exploited through ldap. Privilege escalation using DLL injection with the user in DNS Admins group and exploiting the DNS service. Post contains some extra info about ldapsearch, rpcclient, nmap-scripts.
KEYWORDS: [ ldap, ldapsearch, rpcclient, dll, injection, dnsadmins, dns, evil-winrm, hydra ]

TryHackMe - Year of the Rabbit - Writeup


KEYWORDS: [ sudo, CVE-2019-14287, privesc, ftp, hydra, brainfuck, stego, pt_chown ]

TryHackMe - UltraTech Writeup

php, command injection, gtfobins, docker
KEYWORDS: [ php, command injection, docker, gtfobins, rce ]

TryHackMe - DogCat Writeup


KEYWORDS: [ php, lfi, docker, cron, rce ]

Hackthebox[Web-Challenge] Writeups

topics web, python, proxy, requests, session, md5, regex
KEYWORDS: [ python, web ]

Hackthebox - Admirer Writeup


KEYWORDS: [ fuzzing, linux, python path hijack, adminer exploit, mysql, sudo ]

Hackthebox - Obscurity Writeup

Difficulty easy, topics python, fuzzing, john, crypto
KEYWORDS: [ python, fuzzingk, john ]

Hackthebox - OpenAdmin Writeup

"Difficulty
KEYWORDS: [ php, gtfobins ]

Ryzen Gpu passthrough guide on debian

A guide to passthrough your gpu to a QEMU/KVM virtual machine running Windows 10
KEYWORDS: [ qemu, kvm, virtualization, passthrough ]

Next>>