Writeups for all of the different CTFs I’ve done, mostly TryHackMe and HackTheBox in prep before starting the private OSCP and Proving Grounds labs. Will be doing more in the future to try to learn more advanced AV evasion and binary exploitation (the latter more for fun than usefulness).
An easy Linux box from HackTheBox, use a chain of two CVEs on Magento to get initial access, then abuse sudo privileges on vi to get root.
An easy box from HackTheBox, entirely AD - first get a user hash by AS-REP roasting and crack it for initial access with evil-winrm, then scrape AD information and use bloodhound to find a path to domain admin via group misconfigurations.
An easy Linux box from HackTheBox, get run around rabbit holes until finally discover a subdomain with a LFI, grab a SSH key and use that for initial access, then exploit a vulnerable configuration of fail2ban for root.
An easy Windows box from HackTheBox, leak admin creds to a voting dashboard via SSRF and upload a webshell for initial access, then install a malicious .msi file to get SYSTEM.
A medium Windows box from HackTheBox, get initial access by resetting the password of another user on a site with CSRF, then get creds by logging in as them that allow you to get a reverse shell and escalate to administrator by finding creds in an instance of bash for windows.