Step-by-step walkthrough of TryHackMe's Thompson machine: chasing Ghostcat (CVE-2020-1938) down a dead end, stumbling into Tomcat Manager's default credentials, deploying a WAR reverse shell, and exploiting a writable cronjob script for root.
Step-by-step walkthrough of TryHackMe's Startup machine: directory enumeration with ffuf, uploading a PHP reverse shell via FTP, extracting SSH credentials from a pcap file, and exploiting a writable cronjob script for root access.
Step-by-step walkthrough of Hack The Box's Cap machine: discovering IDOR via pcap download, extracting FTP credentials from Wireshark, attempting CVE-2021-3156 (Baron Samedit), and exploiting Python's cap_setuid capability for root access.
Building a Linux keylogger from scratch: switching from pynput to evdev for system-wide capture, Telegram Bot exfiltration, volatile storage in /dev/shm, and stealth-oriented file naming.