Intigriti Challenge 1025
Shopfix is a website that helps us render images from a URL, but… could that be the only thing it lets us do? Discover the solution(s) to this fun October challenge.
Posts by Year
2025
2024
Tenet - HackTheBox (OSCP STYLE)
During the process of resolving Tenet, I faced several challenges, since I worked as an Application Tester I could easy indefy a vulnerability in a backup code, also inside the machine I achieve the privilege escalation through a race condition, this machine is perfect for Developers that want to make their code more secure.
Topology - HackTheBox (OSCP STYLE)
During the process of resolving Topology, I faced several challenges, such as identifying a latex injection and .htpasswd that is a flat-file used to store usernames and password for basic authentication on an Apache HTTP Server.. To overcome these obstacles, I employed a methodology based on the OSCP.
2023
GateKeeper - TryHackMe (OSCP STYLE)
Can you get past the gate and through the fire?
This machine from the buffer overflow group presents us with two challenges: discovering a buffer overflow in an application and escalating privileges. The only hint I’m going to give you is that enumeration and lateral thinking are important.
Buffer Overflow Prep (OSCP STYLE)
Even though buffer overflow is no longer included in the OSCP certification, I believe it is still a very interesting technique that everyone should be familiar with. That’s why in this write-up, we will explain how to perform one manually.
BrainStorm - TryHackMe (OSCP STYLE)
Reverse engineer a chat program and write a script to exploit a Windows machine, this is the introduction that TryHackme gives to Brainstorm machine, flagged as Medium difficulty, now continuing with the OSCP methodology we’ll pwn it throgh manual actions.
Relevant - TryHackMe (OSCP STYLE)
You have been assigned to a client that wants a penetration test conducted on an e nvironment due to be released to production in seven days.
With this introduction, TryHackMe proposes us the following challenge, basically they ask us to perform a black box pentest simulating that we are going to test the security of an application that will go into production in 7 days
OverPass 2 - TryHackMe (OSCP STYLE)
In this challenge, we put ourselves in the shoes of a cybersecurity analyst to investigate an attack on our network. By analyzing a Wireshark packet capture, we will discover how the attackers gained access, and the most interesting part…we’ll hack them back.
DailyBugle - TryHackMe (OSCP STYLE)
Welcome to DailyBugle CTF machine! This challenge involves exploiting a vulnerable version of Joomla, plaintext passwords, and an escalation of privileges through yum. Your objective is to gain access to the system by identifying and exploiting these vulnerabilities.
Skynet - TryHackMe (OSCP STYLE)
In this post, I will be explaining the resolution of a CTF machine that features vulnerabilities such as visible shared resources and cron tasks with administrator permissions. CTF machines are designed to simulate real-world cybersecurity challenges, and in this case, we will be exploring the steps to overcome the security measures of this particular machine. By understanding the techniques used to exploit these vulnerabilities, we can gain valuable insights into the importance of proper security measures and the risks associated with failing to implement them
HackPark - TryHackMe (OSCP STYLE)
This is a write-up for the HackPark machine on the TryHackme platform. We tackled this pentesting exercise using the approach and methodology of OSCP. We’ll be using the JuicyPotato tool to get access as admin user
GameZone - TryHackMe (OSCP STYLE)
On TryHackMe, the challenge of the Game ZOne Machine is to be solved either through SQLiMap or manually. This machine runs on Linux operating system. For this particular challenge, the manual approach will be followed to solve it, you’ll see my method to find manual SQLi and retrive all the data from the victim’s database
Alfred - TryHackMe (OSCP STYLE)
During the process of resolving Alfred, I faced several challenges, such as identifying default credentials and using tools like Juicy Potato. To overcome these obstacles, I employed a methodology based on the OSCP.
Internal - TryHackMe (OSCP STYLE)
In this machine, we put ourselves in a real-world scenario where we are asked to perform a black-box penetration test on a system to uncover its vulnerabilities. There are no hints, and we only know that automated tools are not an option for us.
SteelMountain - TryHackMe (OSCP STYLE)
On TryHackMe, the challenge of the Steel Mountain Machine is to be solved either through Metasploit or manually. This machine runs on Windows operating system. For this particular challenge, the manual approach will be followed to solve it.