Posts by Tag
- buffer overflow 19
- OSCP Box 16
- OSCP Prep 9
- windows exploitation 9
- vulnserver 9
- Windows VAPT 7
- format string 6
- Windows Box 6
- Linux VAPT 5
- got overwrite 4
- rop 4
- Linux Box 4
- red teaming 4
- active directory 4
- infrastructure pentesting 4
- powershell 4
- file descriptors 3
- ctf 3
- Red Teaming 3
- Active Directory Exploitation 3
- shellcode 2
- exploit dev 2
- arbitrary write 2
- heap overflow 2
- Eternal Blue Exploit 2
- MS17-010 2
- VSFTPD 2.3.4 Exploit 2
- PHP Reverse Shell 2
- enumeration 2
- ASREP Roasting 2
- RPC Enumeration 2
- LDAP Enumeration 2
- DCSync Attack 2
- Pass The Hash Attack 2
- packers 1
- collision attack 1
- Samba 3.0.20 1
- MS08-067 1
- supervisord 1
- Linux PrivEsc 1
- CA Cert 1
- Voting System Exploit 1
- File Upload Exploit 1
- Windows PrivEsc 1
- winPEAS 1
- AlwaysInstallElevated 1
- keepass 1
- psexec 1
- Token Impersonation 1
- Juicy Potato 1
- socket programming 1
- stdin 1
- stderr 1
- capabilities 1
- uid priv esc 1
- shellshock 1
- kubernetes 1
- SMB relay attack 1
- Print Nightmare 1
- ASPX Reverse Shell 1
- SeImpersonatePrivilege 1
- JWT Bypass 1
- CoreDump PrivEsc 1
- apport-unpack 1
- APK Reversing 1
- Mobile Pentesting 1
- Sudo Exploit 1
- Kerberos Bruteforcing 1
- Kerberoasting 1
- GPP Exploit 1
- GPP Password Cracking 1
- SNMP Enumeration 1
- SSH Port Forwarding 1
- SUID Binary Abuse 1
- Bypass Restrict Shell Via /usr/bin/at 1
- SQLi Union Attack 1
- File Upload Attack 1
- SMB Enumeration 1
- PFX File 1
- PS Remoting 1
- LAPS Abuse 1
- LAPS Priv Esc 1
- amsi bypass 1
buffer overflow
ROP Emporium - callme (32 bit)
Solution for callme x32 from ROP Emporium
ROP Emporium - callme (64 bit)
Solution for callme x64 from ROP Emporium
ROP Emporium - split (64 bit)
Solution for split x64 from ROP Emporium
ROP Emporium - split (32 bit)
Solution for split x32 from ROP Emporium
ROP Emporium - ret2win
Solution for ret2win from ROP Emporium
protostar - stack 4
Solution for stack four from Protostar in Exploit Education Series
protostar - stack 3
Solution for stack three from Protostar in Exploit Education Series
protostar - stack 2
Solution for stack two from Protostar in Exploit Education Series
protostar - stack 1
Solution for stack one from Protostar in Exploit Education Series
protostar - stack 0
Solution for stack zero from Protostar in Exploit Education Series
phoenix - stack 5
Solution for stack five from Phoenix in Exploit Education Series
phoenix - stack 4
Solution for stack four from Phoenix in Exploit Education Series
phoenix - stack 3
Solution for stack three from Phoenix in Exploit Education Series
phoenix - stack 2
Solution for stack two from Phoenix in Exploit Education Series
phoenix - stack 1
Solution for stack one from Phoenix in Exploit Education Series
phoenix - stack 0
Solution for stack zero from Phoenix in Exploit Education Series
pwnable.kr - bof
A classic buffer overflow challenge
Return To LIBC Attack (ret2libc)
A detailed explanation of the ret2libc attack and how it can be used to bypass the NX bit and ASLR
Buffer Overflow (ret2func)
A detailed explanation of stack buffer overflow in C programs in which we can exploit a buffer space to return anothe...
OSCP Box
HTB - TimeLapse
Writeup for HTB - TimeLapse
HTB - Pandora
Writeup for HTB - Pandora
HTB - Active
Writeup for HTB - Active
HTB - Sauna
Writeup for HTB - Sauna
HTB - Forest
Writeup for HTB - Forest
HTB - RouterSpace
Writeup for HTB - RouterSpace
HTB - Secret
Writeup for HTB - Secret
HTB - Devel
Writeup for HTB - Devel
HTB - Driver
Writeup for HTB - Driver
HTB - Cap
Writeup for HTB - Cap
HTB - Jeeves
Writeup for HTB - Jeeves
HTB - Love
Writeup for HTB - Love
HTB - LaCasaDePapel
Writeup for HTB - LaCasaDePapel
HTB - Legacy
Writeup for HTB - Legacy
HTB - Lame
Writeup for HTB - Lame
HTB - Blue
Writeup for HTB - Blue
OSCP Prep
HTB - Devel
Writeup for HTB - Devel
HTB - Driver
Writeup for HTB - Driver
HTB - Cap
Writeup for HTB - Cap
HTB - Jeeves
Writeup for HTB - Jeeves
HTB - Love
Writeup for HTB - Love
HTB - LaCasaDePapel
Writeup for HTB - LaCasaDePapel
HTB - Legacy
Writeup for HTB - Legacy
HTB - Lame
Writeup for HTB - Lame
HTB - Blue
Writeup for HTB - Blue
windows exploitation
Vulnserver KSTET - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver KSTET using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver GTER using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Egg hunting
A simple walkthrough on Vulnserver GTER using egg hunter and staged exploitation technique
Vulnserver LTER - Bypass Restricted Characters
A simple walkthrough on Vulnserver LTER using encoders to bypass restricted characters
Vulnserver HTER - EIP Overwrite with Character conversion
A simple walkthrough on Vulnserver HTER vanilla EIP overwrite
Vulnserver GMON - SEH Overflow & Stack Pivoting
A simple walkthrough on Vulnserver GMON SEH overflow with stack pivoting
Vulnserver GMON - SEH Overflow & Egg Hunting
A simple walkthrough on Vulnserver GMON SEH overflow & Egg hunting
Vulnserver TRUN - Stack Buffer Overflow
A simple walkthrough on Vulnserver TRUN stack buffer overflow
Vulnserver Setup - Prologue
A simple guide to setting up Vulnserver, with an introduction to user-land memory layout
vulnserver
Vulnserver KSTET - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver KSTET using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Socket reusing
A simple walkthrough on Vulnserver GTER using socket reusing and staged exploitation technique
Vulnserver GTER - Staged exploitation and Egg hunting
A simple walkthrough on Vulnserver GTER using egg hunter and staged exploitation technique
Vulnserver LTER - Bypass Restricted Characters
A simple walkthrough on Vulnserver LTER using encoders to bypass restricted characters
Vulnserver HTER - EIP Overwrite with Character conversion
A simple walkthrough on Vulnserver HTER vanilla EIP overwrite
Vulnserver GMON - SEH Overflow & Stack Pivoting
A simple walkthrough on Vulnserver GMON SEH overflow with stack pivoting
Vulnserver GMON - SEH Overflow & Egg Hunting
A simple walkthrough on Vulnserver GMON SEH overflow & Egg hunting
Vulnserver TRUN - Stack Buffer Overflow
A simple walkthrough on Vulnserver TRUN stack buffer overflow
Vulnserver Setup - Prologue
A simple guide to setting up Vulnserver, with an introduction to user-land memory layout
Windows VAPT
HTB - TimeLapse
Writeup for HTB - TimeLapse
HTB - Devel
Writeup for HTB - Devel
HTB - Driver
Writeup for HTB - Driver
HTB - Jeeves
Writeup for HTB - Jeeves
HTB - Love
Writeup for HTB - Love
HTB - Legacy
Writeup for HTB - Legacy
HTB - Blue
Writeup for HTB - Blue
format string
phoenix - format 4
Solution for format four from Phoenix in Exploit Education Series
phoenix - format 3
Solution for format three from Phoenix in Exploit Education Series
phoenix - format 2
Solution for format two from Phoenix in Exploit Education Series
phoenix - format 1
Solution for format one from Phoenix in Exploit Education Series
phoenix - format 0
Solution for format zero from Phoenix in Exploit Education Series
Format String Vulnerability
A detailed explanation of format string vulnerability in C programs
Windows Box
HTB - Devel
Writeup for HTB - Devel
HTB - Driver
Writeup for HTB - Driver
HTB - Jeeves
Writeup for HTB - Jeeves
HTB - Love
Writeup for HTB - Love
HTB - Legacy
Writeup for HTB - Legacy
HTB - Blue
Writeup for HTB - Blue
Linux VAPT
HTB - Pandora
Writeup for HTB - Pandora
HTB - Secret
Writeup for HTB - Secret
HTB - Cap
Writeup for HTB - Cap
HTB - LaCasaDePapel
Writeup for HTB - LaCasaDePapel
HTB - Lame
Writeup for HTB - Lame
got overwrite
phoenix - heap 1
Solution for heap one from Phoenix in Exploit Education Series
phoenix - format 4
Solution for format four from Phoenix in Exploit Education Series
pwnable.kr - passcode
A challenge related to pointers and GOT overwrite
GOT Overwrite
A simple explanation of GOT overwrite, demonstrated in the GDB debugger
rop
ROP Emporium - callme (32 bit)
Solution for callme x32 from ROP Emporium
ROP Emporium - callme (64 bit)
Solution for callme x64 from ROP Emporium
ROP Emporium - split (64 bit)
Solution for split x64 from ROP Emporium
ROP Emporium - split (32 bit)
Solution for split x32 from ROP Emporium
Linux Box
HTB - Secret
Writeup for HTB - Secret
HTB - Cap
Writeup for HTB - Cap
HTB - LaCasaDePapel
Writeup for HTB - LaCasaDePapel
HTB - Lame
Writeup for HTB - Lame
red teaming
How I hacked a company
A simple blog post on my first red team engagement
AMSI Bypass - Memory Patching
A detailed blog about AMSI internals and patching AMSI in memory
LLMNR & NBT-NS Poisoning via Responder
A detailed blog about LLMNR & NBT-NS Poisoning using Responder
Red Teaming - Enumeration
An overview of Red Team enumeration tactics
active directory
How I hacked a company
A simple blog post on my first red team engagement
AMSI Bypass - Memory Patching
A detailed blog about AMSI internals and patching AMSI in memory
LLMNR & NBT-NS Poisoning via Responder
A detailed blog about LLMNR & NBT-NS Poisoning using Responder
Red Teaming - Enumeration
An overview of Red Team enumeration tactics
infrastructure pentesting
How I hacked a company
A simple blog post on my first red team engagement
AMSI Bypass - Memory Patching
A detailed blog about AMSI internals and patching AMSI in memory
LLMNR & NBT-NS Poisoning via Responder
A detailed blog about LLMNR & NBT-NS Poisoning using Responder
Red Teaming - Enumeration
An overview of Red Team enumeration tactics
powershell
How I hacked a company
A simple blog post on my first red team engagement
AMSI Bypass - Memory Patching
A detailed blog about AMSI internals and patching AMSI in memory
LLMNR & NBT-NS Poisoning via Responder
A detailed blog about LLMNR & NBT-NS Poisoning using Responder
Red Teaming - Enumeration
An overview of Red Team enumeration tactics
file descriptors
pwnable.kr - mistake
A simple challenge related to file descriptors
pwnable.kr - input
A simple challenge related to bypassing inputs for a binary
pwnable.kr - fd
A simple challenge related to file descriptors
ctf
1337UP Live - OptimusPrime
A walkthrough of the OSINT challenge from 1337UP Live 2022
1337UP Live - Liikt#1337
A walkthrough of the misc challenge from 1337UP Live 2022
InCTF Pro 21 Finals - PyJail K8
A walkthrough of the Kubernetes challenge from InCTF Pro 21 Finals
Red Teaming
HTB - Active
Writeup for HTB - Active
HTB - Sauna
Writeup for HTB - Sauna
HTB - Forest
Writeup for HTB - Forest
Active Directory Exploitation
HTB - Active
Writeup for HTB - Active
HTB - Sauna
Writeup for HTB - Sauna
HTB - Forest
Writeup for HTB - Forest
shellcode
phoenix - format 4
Solution for format four from Phoenix in Exploit Education Series
Exploitation with shellcode
A simple explanation of syscalls and how to craft shellcode that performs a specific function
exploit dev
GOT Overwrite
A simple explanation of GOT overwrite, demonstrated in the GDB debugger
Return To LIBC Attack (ret2libc)
A detailed explanation of the ret2libc attack and how it can be used to bypass the NX bit and ASLR
arbitrary write
phoenix - format 4
Solution for format four from Phoenix in Exploit Education Series
phoenix - format 3
Solution for format three from Phoenix in Exploit Education Series
heap overflow
phoenix - heap 1
Solution for heap one from Phoenix in Exploit Education Series
phoenix - heap 0
Solution for heap zero from Phoenix in Exploit Education Series
Eternal Blue Exploit
MS17-010
VSFTPD 2.3.4 Exploit
PHP Reverse Shell
enumeration
LLMNR & NBT-NS Poisoning via Responder
A detailed blog about LLMNR & NBT-NS Poisoning using Responder
Red Teaming - Enumeration
An overview of Red Team enumeration tactics