Tag: walkthrough

  • HackMyVM – Fianso Walkthrough – Writeup

    HackMyVM has come up with a new vulnerable machine whose author is cromiphi. The machine is of medium difficulty, although you can consider it hard depending on your experience. The machine includes an SSTI vulnerability in the web server that leads to the user flag. Right after this, it includes a script that requires us…

  • Opacity Walkthrough from HackMyVM – Writeup

    Opacity is a new machine from the platform HackMyVM. The author of the VM is mindsflee. The VM includes vulnerabilities like insecure file upload, remote command execution, insecure file permissions, exploiting cronjobs, etc. In this post, I will describe all the steps starting from identifying the IP address of the target to finding the root…

  • Writeup – HackMyVM’s Dejavu Walkthrough

    Dejavu is an easy machine from HackMyVM by the user InfayerTS. The machine includes basic vulnerabilities. First of all, we find a path from a page’s source. Then, we have a file upload area whose filter misses an extension. Similarly, we also have a directory for the uploads. However, there are restrictions to…

  • Decode from HackMyVM – Full Walkthrough

    “Decode” is an easy machine from HackMyVM by the user avijneyam. This machine requires some common sense to gather information. The enumeration is fairly easy. The enumeration starts by looking at the robots.txt file. We have some hints there about the next vulnerability. Then, we have to find a file that contains the password of…

  • Pingme Writeup from HackMyVM – Walkthrough

    Pingme is a new machine from HackMyVM by a friend, rpj7. This machine is actually very nice if you try the intended way to get the shell. There is another vulnerability (dirty pipe) in the machine as well (which is unintended, as the author released the machine before the exposure of that vulnerability). That one…

  • Blog Writeup from HackMyVM – Walkthrough

    “Blog” is an easy machine from HackMyVM by d4t4s3c. If you have done many machines, this is a piece of cake. If you are new, I definitely suggest you do it on your own. The enumeration starts with enumerating the directories and finding a special blog. It has a file upload vulnerability and one can…

  • Writeup of University from HackMyVM – Walkthrough

    University is an easy machine from the HackMyVM platform. The author of the machine is SML. The machine’s main exploit is insecure file upload leading to remote code execution. The machine is fairly easy. Step 1: ARP Scan. As usual, my enumeration began with…

  • Preload – Writeup – HackMyVM – Walkthrough

    Preload is an easy machine by my friend avijneyam from the HackMyVM platform. There are only two exploits one needs to understand to get to the initial root of the machine. Also, there are error messages in the web app that help us proceed forward…

  • Area51 – Writeup – Log4Shell – HackMyVM

    Area51 is an easy machine built on the recent 0-day vulnerability in the Log4j utility. This is one of the vulnerabilities that had a lot of impact worldwide and affected many enterprises. I would also like to extend a huge thanks to the author bitc0de for this. The machine is fairly simple once we get the…

  • Earth – The Planets – Vulnhub – Writeup

    Earth is a CTF machine from Vulnhub created by SirFlash. This is the third machine from his series “The Planets” and the previous machine “Venus” was equally great. As the author said, the difficulty is subjective to the experience. And, for me, I had to take hints for the root privilege escalation. The machine works…