Gobuster

DNS penetration testing guide covering zone transfer testing, subdomain enumeration, DNS cache snooping, and DNS amplification attacks using tools like Dig, DNSRecon, Fierce, and Sublist3r for security assessments and ethical hacking.

Web enumeration techniques for penetration testing using Gobuster, Ffuf, Dirb, and Nuclei to discover directories, files, virtual hosts, API endpoints, and security weaknesses in web applications during security assessments.

This is a walkthrough of the Mr. Robot themed Vulnhub box, located here: https://www.vulnhub.com/entry/mr-robot-1,151/

A medium CTF challenge that demonstrates a PHP Cookie Serialization Attack via preferences.php, leading to a reverse shell. Discover how the .Xauthority file was exploited to capture sensitive data, and learn about privilege escalation techniques used to gain root access without a password.

This box is exploited using OpenSSL's predictable PRNG to brute-force an SSH key, gaining access as another user. A sudo misconfiguration is then used to modify /etc/passwd, adding a root user, allowing privilege escalation and capturing the final flag.

Ephemeral 2 is a medium-level box involving Samba exploitation, reverse shells, and privilege escalation. Key steps include discovering open ports, brute-forcing SMB credentials, exploiting a "magic script," and leveraging cron jobs and writable profile scripts to gain root access..

The "Corrosion: 1" CTF involved exploiting log poisoning and path abuse for remote command execution and privilege escalation. Key steps included cracking a ZIP file password and exploiting a vulnerable script to gain root access, culminating in the capture of the root flag.

Vulnhub's Web Machine N7. Labeled as a medium difficulty box with a lot of directory enumeration and some use of sqlmap