Laboratory starts off with discovering an vulnerable GitLab instance running on the box. We’ll refer an HackerOne report to exploit a CVE associated with it to get Arbitrary file read vulnerabil...
Apr 23 2021-04-23T14:40:00+05:30
ret2basic was a basic ret2win based binary exploitation challenge where we Locate a method within the binary that we want to call and do so by overwriting a saved return address on the stack. ...
Mar 21 2021-03-21T21:45:00+05:30
Passage starts off with web enumeration where we discover the website running on a vulnerable instance of CuteNews CMS and exploit it through bypassing Avatar Image Upload functionality to drop ...
Mar 10 2021-03-10T12:15:00+05:30
Academy is a vulnerable replica of a recently released Cyber Security training product by HackTheBox. Initial foothold requires us to exploit a vulnerable registration page through which we can ...
Mar 3 2021-03-03T12:30:00+05:30
Doctor starts off with attacking a health service message board website where we discover two vulnerabilities, Server-side Template injection and Command injection both of which leads to initial...
Jan 15 2021-01-15T12:30:00+05:30
Omni is an unique machine running Windows IoT Core, a variant of Windows designed for embedded systems like Raspberry Pi. Using SirepRAT we are able to achieve remote code execution, thereby she...
Jan 14 2021-01-14T12:59:00+05:30
OpenKeyS gives us good insight and exposure on OpenBSD vulnerabilities, initial web enumeration leads us to a directory where we find a vim swap file, restoring the file contents we understand c...
Dec 16, 2020 2020-12-16T11:40:00+05:30
SneakyMailer starts off with Web enumeration where we discover a list of email addresses and send them phishing mails. One of the user triggers the link and drops his creds via POST request, Usi...
Dec 3, 2020 2020-12-03T11:50:00+05:30
Buff is a quite easy box highlighting basics of enumeration, where we discover a website running a vulnerable software and exploit it using a publicly available exploit to a get remote code exec...
Nov 24, 2020 2020-11-24T12:10:00+05:30
Tabby was a user friendly easy level box put together with interesting attack vectors. We start off with discovering Local File Inclusion (LFI) in a website and leverage it to expose credentials...
Nov 12, 2020 2020-11-12T12:20:00+05:30