Search for a command to run...
Series
A collection of writeups and walkthroughs of several machines hacked ethically, including thorough instructions on reproducing the issues, as well as a combination of writing and screenshots.
This is a writeup for the VulnNET: Active machine, available on the TryHackMe. You can take advantage of a Windows user's edit rights on a Group Policy Object in order to compromise the objects that are controlled by that GPO. Introduction Machine De...
This is a writeup for the Skynet room, available on the TryHackMe. Today we will see privilege escalation using wildcard injection: crafting manipulated filenames, an attacker can insert parameters into commands that are run by other users, such as t...
This is a writeup for the Dogcat room, available on TryHackMe. Log Poisoning is a well-known method for exploiting a Local File Inclusion (FLI) vulnerability to gain a reverse shell. The attacker attempts to insert malicious input into the server lo...
This is a writeup for the Relevant room, available on TryHackMe. Today's system vulnerability is based on Token Impersonalization. In order for this to work, we need a tool that uses a named pipe to deceive an NT AUTHORITY\SYSTEM account into connect...
The Unintended Way?
This is a writeup for the Steel Mountain room, available on the TryHackMe. The Unquoted Service Problem: When a service is started in a Windows environment, the system looks for an executable to start the service properly. If the executable is includ...
