Myles Nieman
← All writeups

Very Easy

6 writeups

Certifried

Very Easy

Anonymous SMB enumeration on an Active Directory host reveals a readable share; null-session LDAP queries are not open, but unauthenticated SMB access …

Windows

BloodFlow

Very Easy

A publicly exposed n8n workflow automation instance is vulnerable to CVE-2026-21858, an unauthenticated arbitrary file read to RCE chain, yielding a …

Linux

ReactOOPS

Very Easy

A vulnerable React application is exploited via CVE-2025-55182 (react2shell), yielding unauthenticated remote code execution and a shell that reads …

Linux

Caring

Very Easy

An unauthenticated SMB Config share leaks a config.ini containing credentials for the user claudio; WinPEAS then surfaces Administrator credentials …

Windows

ADSelfService

Very Easy

An exposed ManageEngine ADSelfService Plus portal running version 6.1 is vulnerable to CVE-2021-40539 (REST API authentication bypass to RCE), …

Windows

Logonshell

Very Easy

A Microsoft Exchange Server 2019 RTM (15.2.221.12) on the edelweiss.htb domain is exploited via ProxyShell (CVE-2021-34473) — the auth bypass …

Windows