Jupiter is a medium-level challenge that kicks off with a Grafana dashboard. The journey begins with the quest to pinpoint a potential entry point within Grafana, allowing for the execution of raw SQL queries by the PostgreSQL database, ultimately leading to code execution on the host. Further exploration involves the…

Aero is a Windows machine of moderate difficulty, featuring two recently discovered vulnerabilities: CVE-2023–38146, a Windows 11 Themes Remote Code Execution Vulnerability discovered on September 12, 2023, and CVE-2023–28252, a Windows Common Log File System Driver Elevation of Privilege Vulnerability discovered on April 11, 2023. …

Here’s a summary of the key points of Only4you HTB machine: Difficulty Level: Medium!!!!!!!! Vulnerabilities: LFR (Local File Read): The presence of a Local File Read vulnerability suggests that an attacker can read files on the system, potentially accessing sensitive information. RCE (Remote Code Execution): RCE vulnerability implies that an…

Mailroom is a challenging Linux machine that hosts a custom web app and a Gitea code repository. The web app has vulnerabilities to Cross-Site Scripting (XSS), which, when combined with Server-Side Request Forgery (SSRF) and NoSQL injection, allows credential extraction. An initial shell leads to a user’s mailbox containing a…

A few days ago, news was published about a new tool called WormGPT which doesn’t have the limitations of the ChatGPT tool. thats weird! What is WormGPT? On July 13 2023, researchers from cybersecurity firm SlashNext published a blog post revealing the discovery of WormGPT, a tool being promoted for…

From the Crypto Category of Cyber Santa Is Coming To Town CTF which was going on from December 1st to December 5th 2021, there was a challenge called “Common Mistake”. let’s solve this challenge Take a look at the challenge description:

In the Misc Category of Guide Point CTF which was going on from October 12th to October 18th 2021, there was a challenge called “Get Hexy”. let’s solve this challenge. First, try to run file command on this

I’m going to solve another room called “Yearofthejellyfish“. It’s available at TryHackMe with Hard difficulty level. #The first thing we want to do is add the deployed machine’s IP and host name to /etc/hosts:

lucrecia has installed multiple web applications on the server. I’m gonna solve another room called “Ghizer“. It’s available at TryHackMe with medium difficulty level. Let’s do a port scan: