RustyKey was one of those boxes that kept pulling me in the deeper I looked. What started as a bit of poking around turned into a fun chain of discoveries. In this write-up, I’ll share how I approa...

Why LDAP? In today’s enterprise environments, managing user identities, authentication, and access control across a growing number of systems is a critical challenge. LDAP (Lightweight Directory A...

I captured the user flag on the day the machine was released, but had trouble with root access because a certain deleted user couldn’t be restored. Gave it another shot today and finally rooted it!...

This write-up for the Active Directory challenge from LeHack CTF 2024. This challenge plunged into the depths of AD exploitation, testing our skills in navigating network environments, enumerating ...

This lab was part of 2024’s BarbHack hacking conference’s CTF and was created by mpgn who is known for his contributaions to NetExec. from oficial repo: Originally featured in the Barbhack 202...

Recon nmap scan: Starting Nmap 7.95 ( https://nmap.org ) at 2025-05-01 19:28 EDT Nmap scan report for nocturnal.htb (10.10.11.64) Host is up (0.19s latency). Not shown: 998 closed tcp ports (reset...

This a pretty straightforward machine that focuses on how to bypass pyjail as well as the ability to read a bash script. recon # Nmap 7.95 scan initiated Sun Mar 30 13:24:58 2025 as: /usr/lib/nmap...

Recon Nmap output # Nmap 7.94SVN scan initiated Sat Nov 23 04:38:55 2024 as: /usr/lib/nmap/nmap --privileged -sC -sV -T4 -p- -oN nmap.scan -vv --min-rate=10000 10.10.181.109 Increasing send delay f...

This machine necessitates a basic understanding of active directory and how to take use of both DCSync and GenericWrite misconfigurations. The author provides creds for initial access As is comm...

Another Mr. Robot themed box. Rustscan indicated that just two ports were open, so I used nmap to check both of them. # Nmap 7.94SVN scan initiated Thur Oct 31 09:17:50 2024 as: /usr/lib/nmap/nm...