Writeups
HackTheBox
| Title | OS | Tags |
|---|---|---|
| HackTheBox - Active (Windows) | Windows | rce suid php privilege-escalation |
| HackTheBox - Active (Windows) | Windows | rce suid php privilege-escalation |
| HackTheBox - Bloker (Linux) | Linux | php privilege-escalation rce suid |
| HackTheBox - Bloker (Linux) | Linux | php privilege-escalation rce suid |
| HackTheBox - Codify (Linux) | Linux | privilege-escalation rce |
| HackTheBox - Codify (Linux) | Linux | privilege-escalation rce |
| HackTheBox - CozyHosting (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - CozyHosting (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Editor (Linux) | Linux | privilege-escalation rce suid |
| HackTheBox - Editor (Linux) | Linux | privilege-escalation rce suid |
| HackTheBox - Fluffy (Windows) | Windows | active-directory privilege-escalation rce |
| HackTheBox - Fluffy (Windows) | Windows | active-directory privilege-escalation rce |
| HackTheBox - Forest (Windows) | Windows | rce suid php privilege-escalation |
| HackTheBox - Forest (Windows) | Windows | rce suid php privilege-escalation |
| HackTheBox - Help (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Help (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Jarvis (Linux) | Linux | php privilege-escalation rce suid |
| HackTheBox - Jarvis (Linux) | Linux | php privilege-escalation rce suid |
| HackTheBox - Keeper (Linux) | Linux | privilege-escalation rce |
| HackTheBox - Keeper (Linux) | Linux | privilege-escalation rce |
| HackTheBox - Legacy (Windows) | Windows | rce suid php privilege-escalation |
| HackTheBox - Legacy (Windows) | Windows | rce suid php privilege-escalation |
| HackTheBox - MetaTwo (Linux) | Linux | php privilege-escalation rce suid |
| HackTheBox - MetaTwo (Linux) | Linux | php privilege-escalation rce suid |
| HackTheBox - Nibbles (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Nibbles (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Pilgrimage (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Pilgrimage (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Poison (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Poison (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Sau (Linux) | Linux | privilege-escalation rce |
| HackTheBox - Sau (Linux) | Linux | privilege-escalation rce |
| HackTheBox - Sea (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Sea (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - SolidState (Linux) | Linux | privilege-escalation rce |
| HackTheBox - SolidState (Linux) | Linux | privilege-escalation rce |
| HackTheBox - Sunday (Linux) | Linux | privilege-escalation rce suid |
| HackTheBox - Sunday (Linux) | Linux | privilege-escalation rce suid |
| HackTheBox - Tabby (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - Tabby (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - TartarSauce (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - TartarSauce (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - UpDown (Linux) | Linux | php privilege-escalation rce |
| HackTheBox - UpDown (Linux) | Linux | php privilege-escalation rce |
Proving Grounds
| Title | OS | Tags |
|---|---|---|
| Proving Grounds - Access (Windows) | Windows | htaccess-bypass kerberoast dll-hijack runascs active-directory php-upload |
| Proving Grounds - Access (Windows) | Windows | htaccess-bypass kerberoast dll-hijack runascs active-directory php-upload |
| Proving Grounds - Algernon (Windows) | Windows | rce smartermail ftp cve-2019-7214 |
| Proving Grounds - Algernon (Windows) | Windows | rce smartermail ftp cve-2019-7214 |
| Proving Grounds - Amaterasu (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Amaterasu (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Apex (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Apex (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Astronaut (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Astronaut (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - AuthBy (Windows) | Windows | ftp php rce ms11-046 cve-2011-1249 privilege-escalation |
| Proving Grounds - AuthBy (Windows) | Windows | ftp php rce ms11-046 cve-2011-1249 privilege-escalation |
| Proving Grounds - BBScute (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - BBScute (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Billyboss (Windows) | Windows | nexus rce cve-2020-10199 seimpersonate godpotato privilege-escalation |
| Proving Grounds - Billyboss (Windows) | Windows | nexus rce cve-2020-10199 seimpersonate godpotato privilege-escalation |
| Proving Grounds - BitForge (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - BitForge (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - BlackGate (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - BlackGate (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Blogger (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Blogger (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Boolean (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Boolean (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Bratarina (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Bratarina (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - BTRSys2.1 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - BTRSys2.1 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - bullyBox (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - bullyBox (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Butch (Windows) | Windows | iis smtp ftp weak-credentials |
| Proving Grounds - Butch (Windows) | Windows | iis smtp ftp weak-credentials |
| Proving Grounds - ClamAV (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - ClamAV (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Clue (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Clue (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Cockpit (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Cockpit (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Codo (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Codo (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Craft (Windows) | Windows | ntlmv2 responder odf-macro bad-odf smb-relay |
| Proving Grounds - Craft (Windows) | Windows | ntlmv2 responder odf-macro bad-odf smb-relay |
| Proving Grounds - Craft2 (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Craft2 (Windows) | Windows | rce suid php privilege-escalation |
| Proving Grounds - Crane (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Crane (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - CVE-2023-6019 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - CVE-2023-6019 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - DC-9 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - DC-9 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - DriftingBlue6 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - DriftingBlue6 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - DVR4 (Windows) | Windows | path-traversal argus-surveillance-dvr cve-2018-15745 arbitrary-file-read |
| Proving Grounds - DVR4 (Windows) | Windows | path-traversal argus-surveillance-dvr cve-2018-15745 arbitrary-file-read |
| Proving Grounds - Educated (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Educated (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Election1 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Election1 (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Exfiltrated (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Exfiltrated (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Extplorer (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Extplorer (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Fanatastic (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Fanatastic (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Fired (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Fired (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Fish (Windows) | Windows | path-traversal glassfish cve-2017-1000028 arbitrary-file-read synaman |
| Proving Grounds - Fish (Windows) | Windows | path-traversal glassfish cve-2017-1000028 arbitrary-file-read synaman |
| Proving Grounds - Flu (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Flu (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Funbox (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Funbox (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - FunboxEasyEnum (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - FunboxEasyEnum (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Gaara (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Gaara (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - GlasgowSmile (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - GlasgowSmile (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - GLPI (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - GLPI (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Heist (Windows) | Windows | ssrf ntlm-relay responder gmsa SeRestorePrivilege active-directory evil-winrm |
| Proving Grounds - Heist (Windows) | Windows | ssrf ntlm-relay responder gmsa SeRestorePrivilege active-directory evil-winrm |
| Proving Grounds - hokkaido (Windows) | Windows | active-directory kerberoast password-spray mssql bloodyad force-change-password sebackup-privilege uac-bypass pass-the-hash |
| Proving Grounds - hokkaido (Windows) | Windows | active-directory kerberoast password-spray mssql bloodyad force-change-password sebackup-privilege uac-bypass pass-the-hash |
| Proving Grounds - Hub (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Hub (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Hutch (Windows) | Windows | ldap laps webdav godpotato active-directory iis |
| Proving Grounds - Hutch (Windows) | Windows | ldap laps webdav godpotato active-directory iis |
| Proving Grounds - Image (Linux) | Linux | rce cve-2023-34152 imagemagick command-injection suid strace privilege-escalation web |
| Proving Grounds - Image (Linux) | Linux | rce cve-2023-34152 imagemagick command-injection suid strace privilege-escalation web |
| Proving Grounds - Jordak (Linux) | Linux | rce cve-2023-26469 jorani log-poisoning sudo env privilege-escalation web |
| Proving Grounds - Jordak (Linux) | Linux | rce cve-2023-26469 jorani log-poisoning sudo env privilege-escalation web |
| Proving Grounds - Katana (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Katana (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - LaVita (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - LaVita (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - law (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - law (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Levram (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Levram (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Loly (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Loly (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Mantis (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Mantis (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Marketing (Linux) | Linux | pg oscp web limesurvey cve-2021-44967 sudo credential-reuse marketing |
| Proving Grounds - Marketing (Linux) | Linux | pg oscp web limesurvey cve-2021-44967 sudo credential-reuse marketing |
| Proving Grounds - Marshalled (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Marshalled (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - MZEEAV (Linux) | Linux | php file-upload rce suid find privilege-escalation |
| Proving Grounds - MZEEAV (Linux) | Linux | php file-upload rce suid find privilege-escalation |
| Proving Grounds - Nagoya (Windows) | Windows | kerberoast password-spray dacl-abuse silver-ticket mssql dotnet-decompile active-directory bloodhound |
| Proving Grounds - Nagoya (Windows) | Windows | kerberoast password-spray dacl-abuse silver-ticket mssql dotnet-decompile active-directory bloodhound |
| Proving Grounds - Nara (Windows) | Windows | ntlm-theft scf adcs esc1 certipy smb responder active-directory |
| Proving Grounds - Nara (Windows) | Windows | ntlm-theft scf adcs esc1 certipy smb responder active-directory |
| Proving Grounds - Nibbles (Linux) | Linux | postgresql default-credentials rce suid find privilege-escalation |
| Proving Grounds - Nibbles (Linux) | Linux | postgresql default-credentials rce suid find privilege-escalation |
| Proving Grounds - Nukem (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Nukem (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Ochima (Linux) | Linux | maltrail rce cve-2023-27163 cron privilege-escalation |
| Proving Grounds - Ochima (Linux) | Linux | maltrail rce cve-2023-27163 cron privilege-escalation |
| Proving Grounds - Ochima (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Ochima (Linux) | Linux | rce suid php privilege-escalation |
| Proving Grounds - Resourced (Windows) | Windows | active-directory rpc smb ldap pass-the-hash rbcd secretsdump evil-winrm impacket |
| Proving Grounds - Resourced (Windows) | Windows | active-directory rpc smb ldap pass-the-hash rbcd secretsdump evil-winrm impacket |
| Proving Grounds - Vault (Windows) | Windows | active-directory smb ntlm-theft ntlmv2 hash-crack gpo-abuse sharpgpoabuse evil-winrm kerberos |
| Proving Grounds - Vault (Windows) | Windows | active-directory smb ntlm-theft ntlmv2 hash-crack gpo-abuse sharpgpoabuse evil-winrm kerberos |
TryHackMe
| Title | OS | Tags |
|---|---|---|
| TryHackMe - Alfred (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Alfred (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - All in One (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - All in One (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Attacking Kerberos (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Attacking Kerberos (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Attacktive Directory (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Attacktive Directory (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - bandit (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - bandit (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Blaster (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Blaster (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - blog (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - blog (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - ColddBox - Easy (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - ColddBox - Easy (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Corp (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Corp (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Daily Bugle (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Daily Bugle (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Disgruntled (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Disgruntled (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Expose (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Expose (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Game Zone (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Game Zone (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - HackPark (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - HackPark (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Holo (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Holo (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - hydra (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - hydra (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Include (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Include (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - jokerctf (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - jokerctf (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Kenobi (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Kenobi (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Linux PrivEsc (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Linux PrivEsc (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Linux Privilege Escalation (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Linux Privilege Escalation (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Mr Robot CTF (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Mr Robot CTF (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Overpass (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Overpass (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - PS Eclipse (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - PS Eclipse (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Red (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Red (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Retro (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Retro (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - RootMe (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - RootMe (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Simple CTF (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Simple CTF (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Skynet (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Skynet (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Startup🌶 (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Startup🌶 (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Stealth (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Stealth (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Steel Mountain (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Steel Mountain (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - StuxCTF (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - StuxCTF (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - ToolsRus (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - ToolsRus (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - UltraTech (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - UltraTech (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Vulnversity (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Vulnversity (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Weasel (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Weasel (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Windows PrivEsc (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Windows PrivEsc (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Windows PrivEsc Arena (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Windows PrivEsc Arena (Windows) | Windows | rce suid php privilege-escalation |
| TryHackMe - Wordpress CVE-2021-29447 (Linux) | Linux | rce suid php privilege-escalation |
| TryHackMe - Wordpress CVE-2021-29447 (Linux) | Linux | rce suid php privilege-escalation |