Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Soulmate] └─$ pt ...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Conversor] └─$ pt...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Signed] └─$ pt in...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Imagery] └─$ pt i...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Expressway] └─$ p...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Previous] └─$ pt ...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/CodePartTwo] └─$ ...

Recon Hosts pt command is a custom pentest framework to manage hosts and variables, it is not required to reproduce the steps in this writeup ┌──(bravosec㉿fsociety)-[~/htb/Editor] └─$ pt in...

Strutted is an medium-difficulty Linux machine featuring a website for a company offering image hosting solutions. The website provides a Docker container with the version of Apache Struts that is ...

RustyKey is a hard difficulty Windows Machine which showcases a Timeroasting Attack, Active Directory ACL abuse following Windows Group Policy Enumeration to abuse the 7-Zip Shell Extension. For Pr...

Outbound is an easy-difficulty Linux machine with provided assumed breach credentials. The credentials provide access to a Roundcube instance, where the user can enumerate the version and utilize C...

Voleur is a medium difficulty Windows machine designed around an assumed breach scenario, where the attacker is provided with low-privileged user credentials. Start by cracking encrypted excel shee...

Haze is a hard difficulty Windows machine focused on web exploitation, domain abuse, and Windows privilege escalation. Initial access is gained by exploiting a Splunk Arbitrary File Read (CVE-2024-...

Artificial is an easy-difficulty Linux machine that showcases exploiting a web application used to run AI models with Tensorflow and the Backrest web UI by abusing the backup and restore functional...

TombWatcher is a medium difficulty machine, multiple DACL abuse chaining leads to shell as john, john is able to create shadow credential for cert_admin after restoring it from AD recycle bin, expl...