Welcome! This is my personal blog about my achievements and learning experiences in this world of IT.
- Andre Marcos Isidoro
User flag Started by doing some nmap scans: The only interesting port seems to be port 80, so let’s enumerate it. Found a statistics vhost but returning a 401 Unauthorized HTTP code: Still, gonna add it to the /etc/hosts file. Going to this subdomain, we are asked for credentials: The login form is simply sending the username and password, base64 encoded, in the authorization header: I also did a dir scan on the page, but only got the expected results, except for a messages page:...
User Flag Started by doing some nmap scans: I tried to do some enumeration with vhost and dirs, but didn’t find anything interesting so let’s look at the website: Very simple page. When we log in we see that we can upload a cif file and then view it: I tried changing the file on request and doing some injections, but couldn’t get anything to work. But, searching for an exploit for cif files found something interesting:...
User Flag We start by doing the usual nmap scans: For now, in the nmap scan we can notice some interesting things: there is a ghost 5.58 and a /ghost dir. Let’s move on. Two ports open: ssh and http. Starting with port 80 we do our typical vhost and dir scans on it. There is a dev vhost, so let’s add it to the /etc/hosts file, and do a dir scan on it: We collected a lot of useful information with these scans....
User Flag I started by doing some nmap scans: I did some dir and dns enumeration on port 80, but couldn’t find anything, so let’s check the website: On the website, I found nothing of interest except a download link for an apk file, so let’s download it and extract the code. To do this I used a visual code extension: Looking for config files in the extracted code I found: This means that there are two other vhosts for the application so let’s add them to the /etc/hosts file....
I’m excited to share that, as of April 3rd of 2025, I’ve officially passed the Certified Penetration Testing Specialist (CPTS) exam by HackTheBox! For those unfamiliar, CPTS is a hands-on certification focused on real-world penetration testing techniques. It covers the full pentesting lifecycle — from information gathering to post-exploitation — and is known for its practical, lab-based approach. The exam itself was a 10-day hands-on assessment where I had to compromise 8 different machines organized in a lab resembling a real-life scenario....
Moving away from Medium With the launch of this blog, my Medium profile is no longer necessary. I wasn’t entirely satisfied with Medium, as many of its best features were locked behind paywalls, so I don’t consider this a loss. Nonetheless, here is a link to my previous profile, where you can find my past posts. https://medium.com/@andremisidoro