Writeup for the "Titanic" machine on HackTheBox. It involves exploiting LFI to discover sensitive Gitea configuration and database files, cracking PBKDF2 hashes for SSH access, and escalating privileges via a shared library injection in ImageMagick (CVE-2024-41817).
Walkthrough of the "Jerry" machine on HackTheBox. It involves brute-forcing Tomcat Manager credentials, deploying a WAR reverse shell, and retrieving both user and root flags from a Windows system.
Writeup for the "Nibbles" machine on HackTheBox. It involves discovering a vulnerable Nibbleblog CMS, exploiting it via Metasploit for initial access, and escalating privileges by abusing a writable script with sudo rights.
Walkthrough of the "Active" machine on HackTheBox, showcasing SMB enumeration, GPP password extraction, Kerberoasting, and gaining SYSTEM access via Impacket's PsExec.
Walkthrough of the "Markup" machine on HackTheBox, featuring enumeration, XML external entity (XXE) injection to gain a user shell, and privilege escalation to SYSTEM via a writable batch script.
Detailed walkthrough of the Sea room on the HackTheBox platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.
Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a `Python` module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to `root`, we discover credentials within a `Git` config file, allowing us to log into a local `Gitea` service. Additionally, we uncover that a system checkup script can be executed with `root` privileges by a specific user. By utilizing this script, we enumerate `Docker` containers that reveal credentials for the `administrator` user and `Gitea` account. Further analysis of the system checkup script and source code in a `Git` repository reveals a means to exploit a relative path reference, granting us Remote Code Execution (RCE) with `root` privileges.
Learn about and get hands-on with common technologies and security products used in corporate environments; both host and network-based security solutions are covered.
IClean is a medium-difficulty Linux machine featuring a website for a cleaning services company. The website contains a form where users can request a quote, which is found to be vulnerable to Cross-Site Scripting (XSS). This vulnerability is exploited to steal an admin cookie, which is then used to access the administrator dashboard. The page is vulnerable to Server-Side Template Injection (SSTI), allowing us to obtain a reverse shell on the box. Enumeration reveals database credentials, which are leveraged to gain access to the database, leading to the discovery of a user hash. Cracking this hash provides `SSH` access to the machine. The user's mail mentions working with PDFs. By examining the `sudo` configuration, it is found that the user can run `qpdf` as `root`. This is leveraged to attach the `root` private key to a PDF, which is then used to gain privileged access to the machine.