// VULNERABILITIES_ARCHIVES

getting-react2shell-vulns-under-1
12/29/2025

Practical script for React2Shell vulnerability, covering CVE-2025-55182 and CVE-2025-66478 fastest interaction. For overview I already creat

htb-cicada-windows-easy
12/29/2025

Beginner AD machine set. Start with RID brute-forcing and get passwd from SMB shares. Escalating DC users with password leakage 3 times. Pri

The following lines are desirable for IPv6 capable hosts
12/29/2025

Enumerate 2 HTTP services on ports 80 and 8080 to find that one of them is based on XWiki Debian that's vuln to CVE-2024-24893, elevate to User with crede

htb-era-linux-medium
12/29/2025

Discover 2 HTTP chain that are vuln to IDOR, leading to OpenBSD hash leak and genKey with FTP creds, perform IDOR with SSRF leading to Users

htb-forest-windows-easy
12/29/2025

Enumerate DC Users with *blank credentials and find that one of the accounts is vuln to AS-REP roast, mapping DC with BloodHound to set our accou

htb-love-windows-easy
12/29/2025

Nmap fingerprinting finds 2 chained HTTP services; discover an SSRF vulnerability leading to credentials and get initial access with File Upload vulnerabili

htb-pollution-linux-hard
12/29/2025

XXE on vuln API end-point leading to LFI to fetch credentials for another WebApp for initial access RCE through filter Injection. Pivot in M

htb-reaper-dfir-very-easy
12/29/2025

Investigate an NTLM Relay attack; the attack starts with network poisoning of LLMNR responses when a victim has a typo in the host in a share path.

htb-rebound-windows-insane
12/29/2025

Begin with AS-REP Roast to TGS no-auth roasting, discover change/reset passwords group to service user. PrivEsc with cross-session relay att

htb-response-linux-insane
12/29/2025

Phishing Admin and other Users through WebApp to gain access and PrivEsc in Docker container, elevate to FTP Access for User box. PrivEsc wi

~/.profile: executed by the command interpreter for login shells.
12/29/2025

Enumerate 5+ HTTP to attack, find SQL Injection to restore Key inside GTFObin, PrivEsc with attacking insecure AES and Restic, then lateral

pen-200-practices-active-directory-6d1
12/29/2025

Elevate your initial foot-hold around WebApp and SMB shares, gain machine initial access through reverse shell as User. PrivEsc with winPEAS

pen-200-practices-active-directory-8a8
12/29/2025

Enumerating DC service ports and discover vulnerability through Windows version and NMAP Vuln script. Windows execution through Metasploit C

pen-200-practices-active-directory-a76
12/29/2025

Active Directory (Full-case) Kerberos Based-attack for PEN-200 practices. Active Directory On this another internal PenTesting practices, th

pen-200-practices-active-directory-af7
12/29/2025

Exploiting ADCS with category of ESC1 with escalation of CVE-2022-26923, adding a host for exploiting UPNs and SAN insecure unique DNS signa

pen-200-practices-stand-alone-windows
12/29/2025

Craft Windows Username format via Web enumeration, elevate with AS-REP roasting to WinRM session login. PrivEsc with abusing group members o
