Aaron Haymore

Mejiro Reflected XSS Via Remote File Inclusion CVE-2023-46448

Title: Mejiro Reflected XSS Via Remote File Inclusion Risk: 6.1 Medium CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Versions Affected: Before commit 3096393 Identifier: CVE-2023-46448 Authors: Aaro...

HTB PC Writeup

Name PC OS PC DIFFICULTY Easy Summary In my quest to conquer this machine, I initiated reconnaissance with an nmap s...

HTB Wifinetic

Enumeration In the initial phase of a penetration test, my first step is to conduct a scan using nmap. In a real-world scenario, this would start with a host discovery scan to identify machines, fo...

HTB MonitorsTwo Writeup

Name MonitorsTwo OS Linux DIFFICULTY Easy Reconnaissance The IP address given for MonitorsTwo is 10.10.11.211. I wil...

Using ScareCrow to Side Load Sliver Shell Code

ScareCrow ScareCrow serves as a framework designed for generating payloads that can be sideloaded, rather than injected, into a legitimate Windows process. This sideloading approach allows it to byp...

HTB Precious

Notes Name Precious OS Linux RELEASE DATE 26 Nov 2022 DIFFICULTY Easy Port Scan I started by...

Abusing the msds-KeyCredentialLink Property in Active Directory - Understanding Shadow Credentials

What is a Shadow Credential Within Active Directory, both user and computer objects possess an attribute named msds-KeyCredentialLink, which serves as a storage location for raw public keys. These ...

Constrained Delegation With Impacket

What Is A Constrained Delegation Attack Constrained delegation is a feature in Microsoft’s Active Directory that allows a service/account to impersonate another service/account when accessing net...

Double Pivot Using Chisel

Double Pivot Using Chisel Chisel is a powerful tool that allows you to create tunnels and pivot to internal resources and other networks. Suppose you have successfully compromised an external-facin...

Wifi Hacking Part 1

Wifi Hacking Part 1 WPA Handshake A WPA handshake is a series of frames that are sent between an AP and a client to authenticate the client. These frames have the ability to be cracked using variou...