// ANALYSIS_ARCHIVES
HTB Rebound - Windows (Insane)
Begin with AS-REP Roast to TGS no-auth roasting, discover change/reset passwords group to service user. PrivEsc with cross-session relay att
HTB Cicada - Windows (Easy)
Beginner AD machine set. Start with RID brute-forcing and get passwd from SMB shares. Escalating DC users with password leakage 3 times. Pri
HTB Forest - Windows (Easy)
Enumerate DC Users with *blank credentials and find one of the account are vuln to AS-REP roast, mapping DC with BloodHound to set our accou
HTB Love - Windows (Easy)
Nmap finger-print find 2 HTTP chained, discover SSRF Vulnerability leading to credential and get initial access with File Upload vulnerabili
WhiteBox Web Application Pentesting - Part 1
Practices for PHP Web application Pentesting (OS Command Injection) in WhiteBox scenario, getting the goods after source-code review. Web Ap
HTB WhiteRabbit - Linux (Insane)
Enumerate 5+ HTTP to attack, find SQL Injection to restore Key inside GTFObin, PrivEsc with attacking insecure AES and Restic, then lateral
HTB Pollution - Linux (Hard)
XXE on vuln API end-point leading to LFI to fetch credentials for another WebApp for initial access RCE through filter Injection. Pivot in M
HTB Response - Linux (Insane)
Phishing Admin and other Users through WebApp to gain access and PrivEsc in Docker container, elevate to FTP Access for User box. PrivEsc wi
HTB Editor - Linux (Easy)
Enumerate 2 HTTP services on port 80 and 8080. Find one based on XWiki Debian vulnerable to CVE-2024-24893. Elevate to User with credentials
HTB Era - Linux (Medium)
Discover 2 HTTP chain that are vuln to IDOR, leading to OpenBSD hash leak and genKey with FTP creds, perform IDOR with SSRF leading to Users
HTB Reaper - DFIR (Very Easy)
Investigate NTLM Relay attack, the attack starts by network poisoning on LLMNR response when a victim has a typo in the host in shares path.