avatar
Articles
22
Tags
43
Categories
20
Home
Archives
CTF
  • HTB
  • VulnHub
Certifications
About
Void4m0n's Blog
Search
Home
Archives
CTF
  • HTB
  • VulnHub
Certifications
About
EN
  • EspaƱol
  • English

Void4m0n's Blog

Optimum - Easy - Hack The Box
Created2022-08-28|CTFsHack The BoxEasy
An Optimum write-up covering null byte injection, Python scripting, basic PowerShell for pentesting, CVE-2014-6287 for initial access and CVE-2016-0099, also known as MS16-032, for privilege escalation.
Bashed - Easy - Hack The Box
Created2022-08-19|CTFsHack The BoxEasy
A write-up of Bashed covering fuzzing, web shells, lateral movement, modifying Python scripts, exploiting cron jobs and escalating privileges through SUID permissions.
Legacy - Easy - Hack The Box
Created2022-08-11|CTFsHack The BoxEasy
In this post, we exploit Legacy using CVE-2008-4250. It is similar to Blue, but also covers generating shellcode with Msfvenom without using zzz_exploit.py.
Blue - Easy - Hack The Box
Created2022-08-05|CTFsHack The BoxEasy
In this post, we exploit the Blue machine with the NSA's famous EternalBlue tool, targeting the SMBv1 vulnerability CVE-2017-0144 and obtaining the highest possible privileges remotely.
Netmon - Easy - Hack The Box
Created2022-07-27|CTFsHack The BoxEasy
Netmon demonstrates the impact of a misconfigured FTP server that exposes system files and configuration backups. We recover web application credentials and exploit CVE-2018-9276 for RCE by adding an administrator account.
Jerry - Easy - Hack The Box
Created2022-07-17|CTFsHack The BoxEasy
In this write-up, we exploit Tomcat on the Easy machine Jerry through the Manager App, deploying a malicious .war application containing a reverse shell that gives us system administrator access.
Lame - Easy - Hack The Box
Created2022-07-13|CTFsHack The BoxEasy
An Easy machine where we gain root access by exploiting the Samba vulnerability CVE-2007-2447.
Fawn - Starting point - Hack The Box
Created2022-07-09|CTFsHack The BoxStarting pointTier 0
In this write-up, we cover Fawn, the second Tier 0 Starting Point machine. We connect to FTP using anonymous login and download the flag to our own machine.
Meow - Starting point - Hack The Box
Created2022-07-06|CTFsHack The BoxStarting pointTier 0
This post begins the Tier 0 Starting Point machines with Meow, the first machine selected for a write-up. I will focus on the exploitation process and only reference the accompanying questions when they provide information required for exploitation.
Dina 1.0.1 - Vulnhub
Created2022-06-27|VulnHubDina
Reconnaissance, brute force, RCE through command injection and privilege escalation through sudo.
123
avatar
Void4m0n
ASIR | OSCP+ | CRTP | eCPPTv2 | eWPTv2 | eJPT | CTF player
Articles
22
Tags
43
Categories
20
Let's connect!
Announcement
The EU wants to reactivate Chat Control 1.0
Recent Posts
Chat Control 1.0, the beginning of the end2026-07-13
OSCP+ Review - Offensive Security
OSCP+ Review - Offensive Security2026-03-27
Gavel - Medium - Hack The Box2026-01-20
CRTP - Review - AlteredSecurity
CRTP - Review - AlteredSecurity2025-11-20
eWPT - Review - eLearnSecurity
eWPT - Review - eLearnSecurity2024-01-29
Tags
Brute ForceCommand InjectionSudo -lFTP AnonymousTelnetTomCatEternalblueMs17-10CVE-2017-0144ms08-067CVE-2008-4250CVE-2018-9276Backups filesSambaCVE-2007-2447Null byte injectionCVE-2014-6287CVE-2016-0099MS16-032Cron TasksSUIDCVE-2011-1249MS11-046pcapCapabilitiesCertificationeLearnSecurityReviewPentestingeCPPTeWPTCredentials guessingArbitrary file uploadCVE-2015-6967ADeJPTCode AnalysisPhp code injectionLogin Brute ForceSQLi
Archives
  • July 2026 1
  • March 2026 1
  • January 2026 1
  • November 2025 1
  • January 2024 2
  • November 2022 2
  • September 2022 2
  • August 2022 4
Search
Loading Database