Whoami:~#
Yo 👋, welcome to my Cyber Security Blog! I’m Olaoluwa, a 19-year-old achieving senior penetration tester. I post different hacking tricks, writeups, articles, and anything related to hacking that I learn xD… You can also view my web portfolio from here.
TryHackMe Writeups:~#
- [[June 23 2023]] Source
Webmin, Metasploit
- [[June 24 2023]] Agent Sudo
BruteForce, Redirections, Steganography
- [[Aug. 10 2023]] Simple CTF
Unauthenticated SQLI, Encoding
- [[Sep. 07 2023]] ZSCTF1
Authorization Bypass, Pass-The-Hash
- [[Sep. 10 2023]] Kiba
Prototype Pollution, RCE, Capabilities
- [[Sep. 15 2023]] ZSCTF2
RCE, Docker Privilege Escalation
- [[Sep. 17 2023]] ZSCTF4
WP-Unauthenticated RCE, Cron jobs, Nano priv Esc
- [[Sep. 22 2023]] Bounty Hunter
SSH bruteforce, Tar Privilege Escalation
- [[Oct. 19 2023]] Lazy Admin
File Disclosure, RCE, Sudo privilege escalation
- [[Oct. 19 2023]] tomghost
File read/inclusion, .pgp/.asc decryption, zip Priv Esc via Sudo
- [[Oct. 19 2023]] Ignite
Fuel CMS RCE, Password in Config file
- [[Oct. 20 2023]] Startup
FTP file Inclusion, pcapng file analysis, cronjob
- [[Oct. 20 2023]] Brooklyn Nine Nine
steganography, sudo privilege escalation
- [[Oct. 20 2023]] Wgel CTF
leaked id_rsa, Priv Esc via wget
- [[Oct. 21 2023]] Hijack
restricted nfs bypass, rate-limit bypass, cookie bruteforce, LD_LIBRARY_PATH priv esc
- [[Oct. 23 2023]] Year of the Rabbit
steganography, sudo X vi Priv Esc
- [[Oct. 24 2023]] Lian_Yu
ffuf, steganography, pkexec privilege escalation
- [[Oct. 24 2023]] Gaming Server
ssh2john, lxd privilege escalation
- [[Oct. 25 2023]] Chocolate Factory
Command injection, lateral movement, vi privilege escalation
- [[Oct. 26 2023]] ColddBox
wpscan, RCE, vim privilege escalation
- [[Nov. 24 2023]] Plotted-TMS
Enumeration, Unrestricted File Upload, doas x openssl privilege escalation
- [[Feb. 03 2024]] Reset
SMB Ntlm_Theft, BloodHound, Abusing ACEs, Constrained Delegations
- [[Feb. 09 2024]] Kenobi
Information disclosure, ProFTPd Mod_copy (CVE-2015-3306), Path Variable Manipulation
- [[Mar. 08 2024]] Opacity
Remote file Upload, .kdbx decryption, PHP privilege escalation
- [[Mar. 11 2024]] Retro
Directory fuzzing, wpscan, SeImpersonatePrivilege
- [[Jul. 05 2024]] Publisher
Fuzzing, SPIP form PHP Injection, Broken IAM, Apparmor
HackTheBox Writeups:~#
- [[Aug. 7 2023]] irked
Enumeration, IRCD, Steganography
- [[Aug. 10 2023]] Templated
Flask, SSTI, RCE
- [[Aug. 10 2023]] Phonebook
LDAP, Bruteforcing
- [[Aug. 11 2023]] Bounty Hunter
XXE injection, Python Privilege Escalation
- [[Aug. 11 2023]] Valentine
CVE-2014-0160, SSH, Tmux Priv_Esc
- [[Aug. 12 2023]] Precious
exiftool, ruby, Insecure Deserialization
- [[Aug. 15 2023]] Cap
pcap file, FTP, SSH, Capabilities
- [[Aug. 15 2023]] Knife
PHP 8.1.0-dev, RCE, GTFOBINS
- [[Aug. 18 2023]] Antique
JetDirect Password Disclosure, Pivoting, Root-File Read
- [[Sep. 14 2023]] Broker
ActiveMQ RCE(CVE-2023-46604), Nginx Privilege Escalation
- [[Nov. 14 2023]] Lame
Username Command execution, Manual exploit
- [[Nov. 22 2023]] Beep
curl, Elastix LFI
PwnTillDawn Writeups:~#
- [[Jul. 028 2023]] Mr. Blue
MS17-010, Eternal Blue, Manual Exploitation
- [[Sep. 04 2023]] Morty
Steganography, PhpMyAdmin 4.8.1, RCE
- [[Sep. 06 2023]] Stuntman Mike
SSH Brute force, Sudo Privilege Escalation
- [[Sep. 16 2023]] Junior Dev
Bruteforcing, Jenkins RCE, Pivoting, Python Command Injection
- [[Nov. 06 2023]] ElMariachi-PC
ThinVNC Authentication Bypass, RDP
- [[Nov. 06 2023]] Silence
LFI, Enumeration, Loops, Sudo Privilege Escalation
ProvingGrounds Writeups:~#
- [[Jun. 09 2023]] dc-2
GTFOBins, Restricted Environment, Brute forcing
- [[Feb. 20 2024]] Muddy
XXE Injection (CVE-2019-1010268), Credential theft, PUT-method-WebDav, Cronjob privilege escalation
- [[Feb. 20 2024]] Filmsy
Remote Code Execution, Cron Privilege Escalation
- [[Feb. 20 2024]] Pebbbles
Reflected XSS, Local File Inclusion, SQLi to RCE
- [[Feb. 24 2024]] Codo
Default Credentials, File Upload to RCE, Priv Esc via Information Disclosure (PHP Config file)
- [[Feb. 24 2024]] Hub
Information Disclosure, File Upload, Remote Code Execution
- [[Feb. 24 2024]] Exfiltrated
CVE-2018-19422-SubrionCMS-RCE, Cron Jobs, CVE-2021-22204(ExifTool)-Arbitrary Code Execution
- [[May. 29 2024]] Exghost
FTP Bruteforce, Wireshark, CVE-2021-22204, CVE-2021-4034
- [[June 14 2024]] Hutch
Enumeration, Password in description, Password spraying, ms-mcs-AdmPwd abuse, DCSync
- [[July 08 2024]] AuthBy
Password guessing/cracking, Arbitrary file upload --> RCE, SeImpersonatePrivilege(Juicy-Potato)
- [[Aug. 10 2024]] Nickel
GET2POST, hardcoded credentials, pdf2john, API privilege escalation
- [[Aug. 10 2024]] Shenzi
Least Privilege Violation(SMB), Guessable WP endpoint, PrivEsc; misconfigured registry settings(AlwaysInstallElevated)
- [[Aug. 10 2024]] Slort
RFI2RCE, PrivEsc; Scheduled Task
- [[Aug. 15 2024]] Nara
Active Directory, Phishing(.LNK upload to NTLM Theft), Crackmapexec, RID Brute, Bloodhound, ADCS(ESC1)
- [[Aug. 15 2024]] BackupBuddy
LFI, id_rsa decryption, SUID PrivEsc
Vulnyx Writeups:~#
HackMyVM Writeups:~#
- [[Oct. 27 2023]] Gift
SSH bruteforce
- [[Oct. 28 2023]] Hommie
UDP tftp, id_rsa, environment variable manipulation
- [[Nov. 06 2023]] Alzheimer
Port Knocking, SUID privilege escalation
- [[Nov. 17 2023]] Driftingblues6
Bruteforce, Unrestricted File Upload, Dirty Cow(CVE-2016-5195)
- [[Dec. 06 2023]] WebMaster
Zone transfer, Nginx Privilege Escalation
- [[May. 29 2024]] 036
OSINT, Wifi
- [[May. 31 2024]] 036
OSINT, G-Maps, Methodology
- [[Oct. 17 2024]] PingMe
tcpdump, packet sniffing, ICMP
- [[Oct. 17 2024]] Noob
directory fuzzing, symbolic links
Live Jeopardy CTF Writeups:~#
- [[Aug. 27 2023]] Ecowas CTF
- [[Dec. 15 2023]] IWCON CTF
- MAIL: olakjosh@gmail.com
Hey yoo! If you’re having any issues with my writeups or articles, feel free to send me a DM on Twitter @Sec_fortress. I’m always here to help! xD