TombWatcher is a windows medium-machine that Start with domain creds (henry) -> Abuse WriteSPN on Alfred → Targeted Kerberoast -> add to INFRASTRUCTURE group → escalate privileges -> Dump ...

Certificate is a hard-difficulty windows machine from Hack The Box where -> Bypass upload filter (zip) upload PHP webshell → RCE -> Dump DB / extract password hash → crack locally → use crede...

Puppy is a medium-difficulty machine from Hack The Box. SMB enumeration showed readable shares –> Found KeePass database in shares –> Discovered DPAPI master key on the box –> Used master ...

Fluffy is an easy-difficulty machine from Hack The Box As is common in real life Windows pentests, you will start the Fluffy box with credentials for the following account: j.fleischman / J0elTHEM4...

Introduction Hey everyone! I recently passed the TryHackMe PT1 (Junior Penetration Tester) certification exam, and I wanted to share my review on it. As someone who’s been diving into cybersecurity...

Planning is an easy-difficulty linux machine from Hack The Box that starts with a common real life pentests that you will start the Planning box with credentials for the following account: admin /...

Environment is an easy-difficulty Linux machine from Hack The Box where we exploited a Laravel 11.30.0 CVE using --env=preprod to bypass the login page and reach the file uploader to gain RCE on ww...

🏅 Certifications: eJPT, aiming for CRTP & PT1 eJPT Overview Hey everyone! I’m Moetez Ben Abdallah, and I’m excited to finally share my thoughts on the eLearnSecurity Junior Penetration Test...

Reset is a hard-difficulty Windows machine from TryHackMe that tests your skills in enumeration, credential abuse, and Active Directory exploitation. The challenge begins with anonymous SMB share e...

UnderPass is an easy-difficulty machine from Hack The Box that starts with an exposed Daloradius instance, accessible using default credentials. Inside the application, we discover a password hash ...