Myles Nieman
← All writeups

Hard

9 writeups

Freelancer

Hard

An IDOR in a base64-encoded OTP URL allows hijacking an admin account on a freelancer platform, exposing an MSSQL terminal; privilege escalation …

Windows

OpenAD

Hard

A default-credentialed Apache ActiveMQ 5.18.2 console on a Windows domain controller is exploited via CVE-2023-46604 for initial access; a Kerberos …

Windows

Playground

Hard

A Windows domain controller with restricted anonymous access is probed with SMB null sessions, kerbrute, and extensive RPC endpoint mapping; the notes …

Windows

Resource

Hard

A zip-upload feature on an SSH key management web app is exploited via a PHP pearcmd LFI-to-RCE trick to land a webshell as www-data; uploaded zip …

Linux

Search

Hard

A password embedded in a webpage image seeds a chain through SMB Kerberoasting, password spraying, and an Excel spreadsheet full of plaintext …

Windows

Pirate

Hard

Starting with provided pentest credentials against a Windows domain controller, BloodHound reveals two Kerberoastable accounts; the ADM service ticket …

Windows

Object

Hard

An open Jenkins registration on port 8080 lets an attacker create a job that executes arbitrary commands as oliver; Jenkins credential files are …

Windows

Blackfield

Hard

Anonymous SMB access to a profiles share leaks hundreds of domain usernames; AS-REP roasting cracks the support account’s hash, and BloodHound …

Windows

Lantern

Hard

A Skipper proxy CVE-2022-38580 SSRF exposes an internal Blazor WebAssembly app whose DLL contains base64-encoded admin credentials; those credentials …

Linux