My personal archive of CTF challenges and lab walkthroughs! This repository serves as a knowledge base and study guide tracking my progression across various cybersecurity training platforms. Inside, you'll find comprehensive notes and exploitation methodologies for the environments I've compromised.
TryHackMe https://tryhackme.com/p/bobbybojanglles
Hack the Box https://app.hackthebox.com/users/816258
Below is an index of the environments documented in this repository:
| Platform | Target Name | Difficulty level | Overview |
|---|---|---|---|
 |
Watcher | Medium | A classic boot2root Linux scenario focusing on web exploitation flows (LFI) and chained privilege escalation techniques to gain root access. |
|
LazyAdmin | Easy | Exploiting a SweetRice CMS backup leak to crack credentials, uploading a PHP reverse shell through an ads injection vulnerability, and escalating to root via a writable Perl backup script. |
 |
Codify | Easy | Exploiting a vm2 sandbox escape (CVE-2023-30547) for initial access, cracking a bcrypt hash from a SQLite database for lateral movement, and abusing a bash glob pattern bypass with pspy to leak root credentials. |
|
Madness | Easy | An image forensics and path brute forcing challenge that leads to SSH access via ROT13, ending in a SUID privilege escalation to root. |
|
Net Sec Challenge | Medium | A network security skills challenge using Nmap banner grabbing to find hidden flags, Hydra to brute force FTP credentials, and a stealthy Null scan to evade IDS detection. |
|
Opacity | Easy | Exploiting an insecure file upload to grab a KeePass database and escalating privileges through cracked credentials and an insecure backup script. |
|
Phishing Analysis Fundamentals | Easy | A walkthrough of email anatomy, delivery protocols, header analysis, body inspection, and common phishing attack types for SOC analysts. |
|
Pickle Rick | Easy | A Rick and Morty themed web exploitation challenge where you bypass command execution filters to find all the ingredients to turn Rick back into a human. |
|
The Greenholt Phish | Easy | Investigating a Business Email Compromise phishing email through header analysis, SPF/DMARC validation, and malicious attachment forensics. |
|
UltraTech | Medium | Enumerating a Node.js REST API and Apache web server, exploiting a command injection vulnerability in a ping endpoint to dump an SQLite database, cracking MD5 hashes, and escalating to root via Docker group membership. |
|
Willow | Medium | Decoding a hex-encoded RSA-encrypted SSH key found via NFS, cracking the key passphrase with John the Ripper, escalating to root through a sudo mount exploit, and recovering the root flag from a steganography image. |