TryHackMe
Blaster - TryHackMe Writeup
Throughout this room, we'll be looking at alternative modes of exploitation without the use of Metasploit or really exploitation tools in general beyond nmap and dirbuster.
Brainpan 1 - TryHackMe Writeup
Brainpan is perfect for OSCP practice and has been highly recommended to complete before the exam. Exploit a buffer overflow vulnerability by analyzing a Windows executable on a Linux machine.
ConvertMyVideo - TryHackMe Writeup
This room exploits an open-source YouTube video download tool using an interesting injection method. It also includes some common Linux privilege escalation methods.
Tomghost - TryHackMe Writeup
This room covers the famous Ghostcat CVE vulnerability to gain an initial access shell on the remote machine alongside an interesting ASC and GPG privilege escalation technique.
Anonymous - TryHackMe Writeup
This room exploits a vulnerable FTP port left open, exposing a script that can be overwritten. Privilege escalation is also included using the famous GTFOBins to gain a root shell.
LazyAdmin - TryHackMe Writeup
Lazy admins are a hacker’s best friend. This room includes using the SweetRice exploit, peering into an unsecured MySQL backup, and a priv esc tactic of rewriting a script file.
CMess - TryHackMe Writeup
This room includes some interesting techniques like fuzzing subdomains, exploiting Gila CMS upload features and an interesting priv esc technique using tar and the checkpoint feature.
Simple CTF - TryHackMe Writeup
This room is designed for beginners and mimics a CTF-like scenario including basics like port scanning, enumeration, SQL Injection and even some simple privilege escalation tactics.
Ultratech - TryHackMe Writeup
You have been contracted by UltraTech. It’s a grey-box kind of assessment. The only information you have is the company's name and their server's IP address.
Internal - TryHackMe Writeup
You have been assigned to a client that wants a penetration test conducted on an environment due to be released to production in three weeks. Can you hack it?
OWASP Top 10 Web Vulnerabilities
This room breaks each OWASP topic down and includes details on what the vulnerability is, how it occurs and how you can exploit it effectively.
Burp Suite Basics Room
This room is designed for you to learn the basics and major components of Burp Suite, the de facto tool to use when performing web app testing.
Web Fundamentals Room
This room is designed as a basic intro to how the web works. It covers HTTP requests and responses, web servers, cookies and then a mini CTF at the end.
Network Services 2 - More Services
This room is a direct sequel to the first Network Services room. It explores more common network services and their vulnerabilities you will likely find in the real world.
Network Services - Common Services
This room explores common Network Service vulnerabilities and misconfigurations on services such as SMB, Telnet and FTP - both explaining and exploiting.