Sep 29, 2021
Introduction to Windows Stack Buffer Overflow — TryHackMe Brainpan Walkthrough
The OSCP exam consists of a 25 point Buffer Overflow machine. Some people make the mistake of leaving out this topic, even though these are probably the easiest 25 points in the exam. Once practised enough you’ll be able to exploit any buffer overflow room within 45 minutes. We will…
Cybersecurity | 20 min read

Jul 17, 2021
Hack The Box Tenet Walkthrough without Metasploit
Tenet is a medium-rated but comparatively easy box that required a straightforward PHP deserialization exploit to gain a foothold and exploiting a race condition vulnerability to privesc. RECON We will begin the reconnaissance phase with an all-port Nmap TCP scan. sudo nmap -T4 -p- -sC -sV -vv -Pn -oA nmap/full-tcp…
Hackthebox Writeup | 16 min read

Apr 25, 2021
My OSCP journey | PEN-200 review
Dear OSCP enthusiasts, in this blog post, I would like to share my journey to the OSCP certification. This blog is divided into multiple sections so that you can go and read the section you’re more interested in. …
Oscp | 18 min read

Feb 27, 2021
Hack The Box: Academy Writeup without Metasploit
Academy is an easy-rated box that required exploiting a Laravel deserialization vulnerability (CVE-2018-15133) for an initial foothold and abusing sudo rights for composer to get root. Let’s just jump in. RECON We will begin reconnaissance with a full TCP Nmap scan sudo nmap -T4 -sC -sV -Pn -p- -vv -oA nmap/10.10.10.215 10.10.10.215 …
9 min read

Feb 15, 2021
Hack The Box BrainFuck writeup [LXD group Privesc]
BrainFuck is an insane-rated box that required a WordPress exploit for initial foothold and LXD group privilege escalation (unintended) for root. Let’s just jump in. Recon Let’s start with a quick Nmap scan to discover open ports nmap -T4 -sC -sV 10.10.10.17 -sC: Specifies Nmap to run default scripts -sV…
Hackthebox | 15 min read

Feb 13, 2021
Hack The Box: Cronos Writeup [Laravel Cron Job Privesc]
Cronos was rated medium difficulty that required basic SQL injection to get a foothold and command injection to get a reverse shell. The box was actually an easy one. The privilege escalation part was interesting where I learned how to exploit Laravel cron job. Let’s jump in. RECON I prefer…
Hackthebox | 9 min read

Nov 23, 2020
CloudMe 1.11.2 Exploitation. Hackthebox Buff Walkthrough.
HTB/Buff was a fun box based on CloudMe 1.11.2 BufferOverflow Exploitation. Let’s dive deeper into how we can exploit this amazing box. Scanning Run a Nmap scan against the box. nmap -A -T4 -p- -v 10.10.10.198
Hackthebox | 4 min read