Personal pentesting lab — write-ups, methodology notes, and proof-of-concept work across CTF platforms and self-hosted environments. Every machine documented here was rooted manually, no automated exploit chains.
Focus: enumeration discipline, privilege escalation paths, and understanding why a vulnerability exists, not just that it does.

| Machine | Platform | Difficulty | Key Techniques | Status |
|---|---|---|---|---|
| Fowsniff | TryHackMe | Easy/Medium | OSINT, POP3 bruteforce, Python reverse shell | ✅ |
| Common Linux PrivEsc | TryHackMe | Easy | SUID, sudo abuse, cron jobs, PATH hijacking, /etc/passwd write | ✅ |
| Basic Pentesting | TryHackMe | Easy | SMB enumeration, SSH bruteforce, RSA key cracking | ✅ |
| NodeClimb | DockerLabs | Easy | Anonymous FTP, zip2john, sudo node GTFOBins | ✅ |
| Vacaciones | DockerLabs | Very Easy | SSH bruteforce, user pivoting, sudo ruby GTFOBins | ✅ |
| Anonforce | TryHackMe | Easy | Anonymous FTP, GPG/PGP decryption, hash cracking | ✅ |
| Thompson | TryHackMe | Easy | Apache Tomcat, WAR reverse shell, cron job abuse | ✅ |
| Mr Robot CTF | TryHackMe | Medium | Web enumeration, WordPress user enumeration, brute force, malicious plugin (PHP reverse shell), SUID privesc | ✅ |
| Pinguinazo | DockerLabs | Easy | SSTI (Jinja2), RCE, Reverse Shell, GTFOBins (Java) | ✅ |
| Ignite | TryHackMe | Easy | CVE-2018-16763, Fuel CMS RCE, Searchsploit, mkfifo Reverse Shell, Password Reuse | ✅ |

| Category | Tools |
|---|---|
| Recon & Enumeration | Nmap, Gobuster, enum4linux, smbclient |
| Exploitation | Metasploit, Netcat, Python scripting |
| Credential Attacks | Hydra, John the Ripper, rockyou / SecLists |
| Active Directory | BloodHound (learning), Kerberos abuse, GPO analysis |
| Environment | Fedora, Distrobox (Kali), OpenVPN |

Working through TryHackMe learning paths while building toward CompTIA Security+. Next milestone: HackTheBox after cert.
Longer-term target: Jr. Pentester or SOC Analyst role, with a preference for offensive work.

| Repo | Description |
|---|---|
| Active Directory Home Lab | AD deployment from scratch — GPO hardening, Kerberos, PrivEsc paths |

Write-ups here follow a consistent structure: recon → enumeration → foothold → post-exploitation → lessons learned. The goal isn't just to document what worked — it's to explain why the attack surface existed and what a defender would need to fix.
Notes are also kept locally in Obsidian for faster iteration during active labs.