Arroutada is a medium-difficulty machine by RiJaba1 from the HackMyVM platform. Although the author has marked this machine as easy, I don’t consider it that easy since it involves a lot of steps. To elaborate, it features various techniques like fuzzing, bruteforcing, proxying ports, remote command execution, etc. Anyway, the machine isn’t complex to crack […]
Ephemeral is a difficult machine involving various tricks and techniques to get to the root shell. However, it took some time for me as one of the exploits wasn’t working. So, I had to modify the script to make it work. The machine features local file inclusions, remote command execution using LFI and phpinfo script, […]
Eighty is a difficult machine from sML on the platform HackMyVM. This machine uses various techniques like port knocking, analyzing the webserver and exploiting superuser permission. However, you can also say that the machine is relatively easy since everything is laid out in front of you. Furthermore, an experienced hacker can easily lay out the route […]
HackMyVM has added a new medium-difficulty machine “Catland” by cromiphi. This machine features subdomain enumeration, local file inclusion, insecure file permissions and sudo abuse. However, for the domain name, you need to take the help of the VM box. Click here to go to the download page of Catland […]
Light is an easy machine from the platform HackMyVM by sML. This machine requires knowledge of basic Linux and penetration testing. It could be really easy for those who have experience in penetration testing but could be different for newcomers. Click here to go to the machine’s download page. Get […]
By far, Troya is one of my favourite VMs from the HackMyVM platform. The creator of the machine is sML and he has categorized this as a medium machine. However, I found this machine intriguing and it was definitely hard for me. First of all, we need to identify a way to inject OS commands remotely. […]
HackMyVM has come up with a new vulnerable machine whose author is cromiphi. The machine is of medium difficulty, although you can consider it hard depending on your experience. The machine includes an SSTI vulnerability in the web server that leads to the user flag. Right after this, it includes a script that requires us […]
Dejavu is an easy machine from HackMyVM by the user InfayerTS. The machine includes basic vulnerabilities. First of all, we find a path in a page’s source. Then, we have a file upload area whose filter misses an extension. Similarly, we also have a directory for the uploads. However, there are restrictions on certain functions, making it difficult to get a reverse shell.
“Decode” is an easy machine from HackMyVM by the user avijneyam. This machine requires some common sense to gather information. The enumeration is fairly easy. The enumeration starts by looking at the robots.txt file. We have some hints there about the next vulnerability. Then, we have to find a file that contains the password of one of the users.
Pingme is a new machine from HackMyVM by a friend, rpj7. This machine is actually very nice if you try the intended way to get the shell. There is another vulnerability (dirty pipe) in the machine as well (which is unintended, as the author released the machine before the exposure of that vulnerability). That one […]