Dejavu is an easy machine from HackMyVM by the user InfayerTS. The machine includes basic vulnerabilities. First of all, we find a path from a page’s source. Then, we have a file upload area whose filter misses an extension. Similarly, we also have a directory for the uploads. However, there are restrictions on certain functions, making it difficult to get a reverse shell.
“Decode” is an easy machine from HackMyVM by the user avijneyam. This machine requires some common sense to gather information. The enumeration is fairly easy. The enumeration starts by looking at the robots.txt file. We have some hints there about the next vulnerability. Then, we have to find a file that contains the password of one of the users.
Pingme is a new machine from HackMyVM by a friend rpj7. This machine is actually very nice if you try the intended way to get the shell. There is another vulnerability (dirty pipe) in the machine as well (which is…
“Blog” is an easy machine from HackMyVM by d4t4s3c. If you have done many machines, this is a piece of cake. If you are new, I definitely suggest you do it on your own. The enumeration starts with enumerating the…
If you are just starting into pentesting or if you are an expert in it, you should definitely know about HackMyVM. HackMyVM is a platform created by sML around 2020. This is similar to another platform called Vulnhub. In this…
University is an easy machine from the HackMyVM platform. The author of the machine is SML. The machine’s main exploit is insecure file upload leading to remote code execution. The machine is fairly easy. “Writeup of University from HackMyVM –…
Preload is an easy machine by my friend avijneyam from the HackMyVM platform. There are only two exploits one needs to understand to get to the initial root of the machine. Also, there are error messages in the web app that…
Area51 is an easy machine built on the recent 0-day vulnerability in the Log4j utility. This is one of the vulnerabilities that had a large impact worldwide and affected many enterprises. I would also like to extend a huge thanks to the author bitc0de for this. The machine is fairly simple once we get the foothold. So, let’s start the writeup.
OTP is a difficult machine by the user avijneyam on the HackMyVM platform. By that, I mean there are many steps that one needs to perform to get to the root user. As usual, this machine works well on VirtualBox.
Venus is the first lab from the HackMyVM platform. This is a CTF that consists of 50 flags and a few hidden ones too. At the time of writing, the lab is a Docker container and is available online via SSH. Similarly, this is a very easy CTF machine and beginners can directly dive into this.