Writeups and Walkthroughs

Last updated 2 months ago

Try Hack Me (THM)

tryhackme.com - © TryHackMe

Rooms

  • OWASP
  • Active Directory Basics (This room will introduce the basic concepts and functionality provided by Active Directory)
  • Attacktive Directory (99% of Corporate networks run off of AD. But can you exploit a vulnerable Domain Controller?)
  • Post-Exploitation Basics (Learn the basics of post-exploitation and maintaining access with mimikatz, bloodhound, powerview and msfvenom)
  • Breaching Active Directory (This network covers techniques and tools that can be used to acquire that first set of AD credentials that can then be used to enumerate AD)
  • Enumerating Active Directory (This room covers various Active Directory enumeration techniques, their use cases as well as drawbacks)

CTFs

  • RootMe
  • Simple CTF
  • Eternal Blue
  • Vulnversity
  • Pickle Rick
  • Brooklyn Nine Nine
  • Kenobi
  • Bounty Hacker
  • Overpass
  • LazyAdmin
  • Ignite
  • Bolt
  • Agent Sudo
  • Startup
  • Wgel
  • Blog
  • ColdBox
  • Lian_Yu
  • Blaster
  • Ice
  • The Sticker Shop

Hack The Box (HTB)

hackthebox.com - © HACKTHEBOX

  • Devel
  • Delivery
  • Active
  • Analytics
  • Bashed
  • Valentine
  • Sau
  • Sunday
  • Cap
  • Bizness
  • Chemistry - OnGoing
  • Celestial - OnGoing
  • Poison - OnGoing

VulnHub

https://www.vulnhub.com/

  • Brainpain (BoF)

Vulnix

© VulNyx

  • Admin

DockerLabs

https://dockerlabs.es/

  • Trust
  • Upload
  • Vacaciones

HomeMade Labs 🏠🔬

  • Active Directory
  • Pivoting
  • Buffer Overflow (BoF)

WAPT

Portswigger Web Security Academy

@PortSwigger Ltd

  • PortSwigger - Web Security Academy (My Walkthrough)

DVWA

https://github.com/digininja/DVWA

  • Install and configure DVWA
  • Command Injection
  • Cross Site Request Forgery (CSRF)
  • File Inclusion (LFI + RFI)
  • SQL Injection (SQLi)

OWASP - Mutillidae II

https://owasp.org/www-project-mutillidae-ii/

  • Install & configure OWASP Mutillidae II
  • SQL Injection (SQLi)
  • Command Injection
  • IDOR & File Inclusion
  • Cross-Site Scripting (XSS)

OWASP - SecureBank

https://owasp.org/www-project-securebank/

  • Install and configure OWASP Secure Bank