Home
This is my personal site centered around InfoSec - I post research, projects and CTF writeups whenever I get the chance :) .
An easy Windows box from TryHackMe, brute force a login and exploit blogengine for initial access, then manipulate a misconfigured service for SYSTEM.
An easy Linux box from TryHackMe, follow a string of leaked data to get creds, then leverage an RFI for initial access, and use a cronjob run as root to escalate.
An easy Linux box from TryHackMe, get initial access by exploiting ftpd, and use an SUID binary that doesn’t use full paths to get root.
An easy Windows box from HackTheBox, using an SSRF to capture a password, then modifying a service path to get SYSTEM.
An easy Windows box from HackTheBox, running a CVE POC to get initial access, and then another POC to get SYSTEM.