-
CPTS Preparation Machines – HTB Soccer
The Soccer machine begins with a website hosted on Tiny File Manager. After the discovery of default credentials, these are used to upload a webshell and establish an initial foothold. Further enumeration reveals a second virtual host running a new site that relies on WebSockets for validation. An SQL injection… Continue ⇢
-
CPTS Preparation Machines – HTB Forest
Introduction:Forest is a Windows Active Directory machine on HackTheBox, with a difficulty level sitting between easy and medium. We start by using enum4linux to enumerate domain users. One of the accounts discovered is a service account, which often has pre-authentication disabled—making it susceptible to Kerberos AS-REP roasting. With pre-authentication disabled,… Continue ⇢
-
The Ultimate Hacker’s Backpack
Whether you’re heading to a client site, performing wireless assessments, or just love being prepared, having the right gear in your hacker backpack can make a huge difference. This isn’t just a list of gadgets—it’s a collection of tools that earn their place by solving real-world problems in the field.… Continue ⇢
-
The Best Phones and Tablets for Kali NetHunter in 2025
If you’re diving into mobile penetration testing, having a reliable and compatible device for Kali NetHunter is essential. While NetHunter supports a variety of devices, not all are created equal. Some offer better performance, others shine in battery life, and a few stand out for their wide community support and… Continue ⇢
-
SQL injection attack, listing the database contents on Oracle
With Burp Suite running, access the lab environment. The SQL injection vulnerability is located in the product category filter. Start by selecting any available filter. Once selected, you should be able to locate the corresponding request in Burp’s Target site map. Right-click on it and choose ‘Send to Repeater’. Navigate… Continue ⇢
-
Certified WiFiChallenge Professional (CWP) Review
Let’s Talk About the Certified WiFiChallenge Professional (CWP) What is the CWP?Course ContentCourse FormatComparison with OffSec’s OSWPExamConclusion What is the CWP? The Certified WiFiChallenge Professional (CWP) is a certification born out of the WiFiChallenge Lab project. For those unfamiliar with it, WiFiChallenge Lab is a fully virtual WiFi hacking lab… Continue ⇢
-
PRACTITIONER – Web shell upload via path traversal
In this post, we’ll analyze how a file upload mechanism combined with improper filename handling can be exploited to achieve remote code execution (RCE). Specifically, we’ll bypass directory restrictions by leveraging directory traversal via filename manipulation, ultimately allowing execution of a malicious script placed outside the intended directory. This kind… Continue ⇢
-
APPRENTICE – Web shell upload via Content-Type restriction bypass
In this post, we’ll explore how to bypass a server-side MIME type check to upload a malicious PHP file and achieve remote code execution (RCE). This scenario is common in web applications where file uploads are partially validated, but not thoroughly enforced, leaving room for creative manipulation. We’ll demonstrate how… Continue ⇢
-
APPRENTICE – Remote code execution via web shell uploa
In this post, we’ll walk through how to exploit an insecure file upload vulnerability to achieve remote code execution (RCE) and retrieve sensitive data from the server. This is a common scenario in web application pentesting, where improper handling of uploaded files allows attackers to execute arbitrary code. While proxying… Continue ⇢
You must be logged in to post a comment.