Posts
GoDiego

HackTheBox: Admirer write-up

Did you know about SETENV? What about using PYTHONPATH? Recon never ends, credentials are never enough, especially in Admirer!

Hack The Box: Magic write-up

Vulnerable web application with SQLi that leads to shell upload, followed by a classic privesc with a SUID binary and a path overwrite. A really fun and realistic machine!

Intigriti Easter XSS challenge solution

Come and see my write-up on one of the mind-blowing XSS challenges that Intigriti creates for the fun (and frustration) of hackers…

Saving iPhone images on Linux

Interested in how I managed to copy all of my iPhone images to my Linux machine using SMB and a Windows VM? Well, then you may be interested in one of the many problems I had with Shotwell…

Hack The Box: Networked write-up

Do you know Bash and PHP? This post is a lesson on how to properly process input when running Bash commands and how to (not) secure a file upload with PHP!

Hack The Box: Heist write-up

Windows box: if enumeration is your thing, you might find this useful! Loads of things: SMB, password cracking, WinRM…

Hack The Box: Safe write-up

Want to learn about binary exploitation? On this machine I show how to exploit a buffer overflow on a 64-bit binary using ROP to get a user shell. From there, just cracking hashes to access a KeePass database and find the root password!

Hack The Box: Craft write-up

One of the best machines I’ve come across: from an API with vulnerabilities to a Docker container that has a database with credentials exposed! What can be more realistic?

Hack The Box: Haystack write-up

Ever heard of ELK? Elasticsearch, Logstash and Kibana, three tools used in log management by admins. This cool box is based on all three and shows some really fun features. You can’t miss it!

Hack The Box: Jarvis write-up

Jarvis from Iron Man? Hack the box? Really cool machine with a nice lateral movement based on a Python script plus a nice lesson on Linux systemctl! Not to be missed…