TryHackMe: Kitty
Kitty from TryHackMe is a Linux machine running a web application with security vulnerabilities. We are tasked with finding the vulnerabilities and exploiting them to gain root privileges on the…
GitLab CVE-2023-7028
This blog is based on TryHackMe's room on GitLab CVE-2023-7028. Learning Objectives Exploit a GitLab CE instance through CVE 2023-7028 How the exploit works Protection and mitigation measures What is…
TryHackMe: Reset
Reset is a Windows machine that is part of a domain and consists of many misconfigurations. Our goal is to perform a Pentest as a Red Teamer and exploit the…
HTTP Request Smuggling
This blog is based on the HHTP Request Smuggling room from TryHackMe. What is HTTP Request Smuggling? HTTP Request Smuggling is a vulnerability that arises when there are mismatches in…
TryHackMe: Bulletproof Penguin
Bulletproof plugin is an easy room that deals with hardening security on the common services that run on a Linux machine. This room covers services such as FTP, MySQL, Redis, SSH,…
TryHackMe: Umbrella
Umbrella from TryHackMe is a Linux machine with multiple misconfigurations. To get a foothold, we need to perform enumeration on the Docker Registry and obtain credentials for the MySQL database.…