Gofer - Hard - Linux
Nmap scan Results show a web server and SMB service. There is also a filtered port on 25 which typically is used for mail services. # Nmap 7.93 scan initiated Sat Jul 29 20:17:22 2023 as: nmap -sC...
Nmap scan Results show a web server and SMB service. There is also a filtered port on 25 which typically is used for mail services. # Nmap 7.93 scan initiated Sat Jul 29 20:17:22 2023 as: nmap -sC...
Windows domain controller hosting web services. Path to user involves enumerating files on an SMB share and decrypting encrypted strings to recover credentials. Credentials grant access to PWM serv...
Easy box which involved taking advantage of server side request forgery to access a web application hosted internally on port 80. The hosted web application was vulnerable to unauthenicated command...
A very challenging machine. It was difficult to enumerate the API endpoints because it only returned a valid status code when the absolute path was given. Two versions of the API were running. It w...
Nmap results Directory enumeration revealed a hidden git directory which was readable. The git directory contained a imagek binary which is used for image conversions. It also contained the php co...
At first it appeared to be a crypto challenge as it advertised PGP heavily. After some trial and error and realising the web application was built in flask it strongly hinted towards SSTI. The path...
This machine was very frustrating due to the LaTeX syntax. First step was to enumerate virtual hosts and discover a host requiring basic authenication. The web application was a LaTeX equation gene...
First step was to enumerate the API and reveal an endpoint which allowed new user registration. After registering a PHP token was granted which unlocked the ability to interact with other endpoints...
This box involved working with a protocol I’ve never seen before. There was an open port which was difficult to enumerate. An error message revealed it was probably related to gRPC. Postman was use...
Windows domain controller with no web services. Starts with enumerating a public SMB share and eventually leads to exploiting a certificate authority to gain administrator access. Nmap Scan Appear...