TryHackMe
Tomghost - TryHackMe Writeup
This room covers the famous Ghostcat CVE vulnerability to gain an initial access shell on the remote machine alongside an interesting ASC and GPG privilege escalation technique.
LazyAdmin - TryHackMe Writeup
Lazy admins are a hacker’s best friend. This room includes using the SweetRice exploit, peering into an unsecured MySQL backup, and a priv esc tactic of rewriting a script file.
CMess - TryHackMe Writeup
This room includes some interesting techniques like fuzzing subdomains, exploiting Gila CMS upload features and an interesting priv esc technique using tar and the checkpoint feature.