Doctor HackTheBox Walkthrough

Doctor is a machine in which I used Server Side Template injection to get to obtain shell access and then used enumeration and exploit vulnerable service to get root Access.

The Ultimate Linux Privilege Escalation Guide for OSCP & CTF

Privilege Escalation is a topic which most of CTF players and OSCP students struggle with. Privilege Escalation in general is to get more privilege but in this context it means getting root privilege which is the highest privilege in the system. In this article I am going to explain 7 methods of Linux privilege escalation with exploitation steps and how to fix them. But as a perquisites you must have Linux essentials for example the knowledge of how to use command line and the Linux permission model. To follow up with this tutorial we are going to use a vulnerable machine called LinESC which was created by me. You can download From Here. the default user is “muhammad” and password is “nasef”.

Tabby HackTheBox Walkthrough

Tabby is a machine in which I used Local File Inclusion to get tomcat credintials to obtain shell access and then used enumeration and lxd to get root Access.

Nasef1 Vulnerable Machine

Commander-in-chief : Hello Agent R, Two hours ago we lost contact with agent (N.A.S.E.F). He was in a secret mission in the enemy state “SOURG”. Your mission is to lead the task-force and bring him to our homeland safely, But first we need to hack into SOURG’s satellites to locate both user and root flag which represents nasef’s coordinates. Good Luck

LinEsc Vulnerable Machine

LinEsc is a machine built to demonstrate the 7 most common ways of Linux privilege escalation.

Blunder HackTheBox Walkthrough

Blunder is a machine in which I used an enumration and a multiple cms exploits to get a shell and then enumeration and another exploit to get root Access.

KIOPTRIX: LEVEL 1.2 Vulnhub Walkthrough

KIOPTRIX: LEVEL 1.2 is a machine in which I used SQL Injection to get useres credintials to obtain shell access and then exploited the misconfigured sudo permissions to get root Access.

DC:2 Vulnhub Walkthrough

DC:2 is a machine in which I used an enumration to credintials and then exploited the misconfigured sudo permissions to get root Access.

Sputnik:1 Vulnhub Walkthrough

Sputnik:1 is a machine in which I used an enumration to get admin credintials from the history of github repo to obtain shell access and then exploited the misconfigured sudo permissions to get root Access.

Matrix:3 Vulnhub Walkthrough

Matrix:3 is a machine in which I used a combination of enumeration and reverse engineering to obtain shell access and then exploited the misconfigured sudo permissions to get root Access.