tl;dr

• RCE by uploading web.config
• Windows IIS 7.5
• MS10-059: Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege

tl;dr

• File recovery from the memory dump
• Environment variables analysis.
• RAR and Zip password cracking.
• Cracking Windows user password hash.
• Extracting Keepass Master Password from keystrokes of logged data.

tl;dr

• Retrieving the flag from Samba SMB workgroup guest.

tl;dr

• Anonymous login to FTP server.
• Retrieve SSH login username and password from Firefox History

tl;dr

• SQL Injection
• Linpeas Priv-Esc

tl;dr

• The dump has some encrypted functions
• The encrypted bytes are being xorred with a 32 byte key
• Find the xor_key in the dump
• Use xor_key offset to find the offset of AES_key and iv
• AES_CBC decrypt to find flag

tl;dr

• Shellshock
• Local File Inclusion

Cracking the Arctic Box.

tl;dr

• Adobe ColdFusion 8
• MS10-059
• CVE-2009-2265

Cracking Valentine box without using metasploit.

tl;dr

• HeartBleed Vulnerability
• CVE-2014-0160

How to crack Nibbles box without Metasploit.

tl;dr

• Nibbleblog v4.0.3 Code Execution
• CVE-2015-6967