Posts by Category

• infosec 37
• Review 5
• Infosec 5
• Vulns 3
• Certification 2
• Hacking 2
• CVE 2
• Pentesting 2

infosec

Builder HTB - WriteUp

April 23, 2024  

WriteUp de la máquina Builder de HTB.

ctf Linux Jenkins CVE Web

GoodGames HTB - WriteUp

March 26, 2023  

WriteUp de la máquina GoodGames de HTB.

ctf Linux Writeup Web-Enum SQLI SSTI Docker Privesc

Teacher HTB - WriteUp

March 17, 2023  

WriteUp de la máquina Teacher de HTB.

ctf Linux Writeup Web-Enum Moodle Python-Script CVE

TheNoteBook HTB - WriteUp

March 16, 2023  

WriteUp de la máquina TheNoteBook de HTB.

ctf Linux Writeup Web JWT WebShell Docker

NodeBlog HTB - WriteUp

March 15, 2023  

WriteUp de la máquina NodeBlog de HTB.

ctf Linux Writeup Web NoSQL XXE Deserialization Data-Exposure Mongo

Canape HTB - WriteUp

March 14, 2023  

WriteUp de la máquina Canape de HTB.

ctf Linux Writeup Web Git Deserialization CouchDB

Nunchucks HTB - WriteUp

March 13, 2023  

WriteUp de la máquina Nunchucks de HTB.

ctf Linux Writeup Web-Enumeration SSTI Capabilities AppArmor

Sizzle HTB - WriteUp

March 12, 2023  

WriteUp de la máquina Sizzle de HTB.

ctf Windows Writeup SMB-Enumeration SCF-File Web-Enumeration CA-Certificate Kerberoasting DCSync

Backend HTB - WriteUp

March 09, 2023  

WriteUp de la máquina Backend de HTB.

ctf Linux Writeup Web-Enumeration Web-Fuzzing API Read-Logs

Celestial HTB - WriteUp

March 08, 2023  

WriteUp de la máquina Celestial de HTB.

ctf Linux Writeup Web-Enumeration Deserialization-Attack Crontab

Cap HTB - WriteUp

March 07, 2023  

WriteUp de la máquina Cap de HTB.

ctf Linux Writeup Web-Enumeration PCAP Capabilities

WebHackingPlayground - WriteUp

March 06, 2023  

WriteUp de WebHackingPlayground creado por Takito.

ctf Web Writeup JWT XSS Open-Redirect OTP SSTI SMTP

Secret HTB - WriteUp

March 05, 2023  

WriteUp de la máquina Secret de HTB.

ctf Linux Writeup Web-Enumeration API JWT GIT RCE SUID

Mango HTB - WriteUp

March 04, 2023  

WriteUp de la máquina Mango de HTB.

ctf Linux Writeup Web-Enumeration NoSQLI Password-Reuse SUID

Squashed HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Squashed de HTB.

ctf Linux Writeup NFS Web-Shell Magic-Cookies X11

Carrier HTB - WriteUp

March 03, 2023  

WriteUp de la máquina Carrier de HTB.

ctf Linux Writeup Web-Enumeration RCE BGP-Hijack

Joker HTB - WriteUp

March 02, 2023  

WriteUp de la máquina Joker de HTB.

ctf Linux Writeup SQUID TFPT Web-Enumeration Suedoedit Tar

Blackfield HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Blackfield de HTB.

ctf Windows Writeup SMB-Enumeration ASREPRoast ForceChangePassword LSASS-DUMP Backup-Operators

Ambassador HTB - WriteUp

March 01, 2023  

WriteUp de la máquina Ambassador de HTB.

ctf Linux Writeup Grafana Direcctory-Traversal Consul-Exploit MySQL SQLITE3

Knife HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Knife de HTB.

ctf Linux Writeup Web CVE Sudo-Abuse

Bart HTB - WriteUp

February 28, 2023  

WriteUp de la máquina Bart de HTB.

ctf Windows Writeup Web Username-Enumeration BruteForce LogPoison SeImpersonatePrivilege

LocalPotato-CVE-2023-21746

February 27, 2023  

Explotando el PoC de LocalPotato-CVE-2023-21746.

PoC Windows CVE DLL Potato

AI HTB - WriteUp

February 27, 2023  

WriteUp de la máquina AI de HTB.

ctf Linux Writeup AI SQLI JDWP

Monteverde HTB - WriteUp

February 26, 2023  

WriteUp de la máquina Monteverde de HTB.

ctf Windows Writeup RPC-Enum Null-Session BruteForce Azure Group-Abuse

Querier HTB - WriteUp

February 23, 2023  

WriteUp de la máquina Querier de HTB.

ctf Windows Writeup MSSQL NTLMv2 xp_cmdshell Cached GPP Files

Tentacle HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Tentacle de HTB.

ctf Linux Writeup SQUID CVE Kerberos

Mantis HTB - WriteUp

February 22, 2023  

WriteUp de la máquina Mantis de HTB.

ctf Windows Writeup Web_Enumeration MSSQL Kerberos

Frank & Herby THM - WriteUp

February 22, 2023  

WriteUp de la máquina Frank & Herby de THM.

ctf BadPod Writeup git-leak MicroK8s Kubernetes

Forest HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Forest de HTB.

ctf Windows Writeup RPC-Enum Null-Session ASREPRoast Account Operators WriteDacl

Validation HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Validation de HTB.

ctf Linux Writeup SQLI Scripting PasswordLeaked

Oz HTB - WriteUp

February 20, 2023  

WriteUp de la máquina Oz de HTB.

ctf Linux Writeup Docker SSTI PIVOTING SQLI

Europa HTB - WriteUp

February 19, 2023  

WriteUp de la máquina Europa de HTB.

ctf Linux Writeup Virtual_Hosting SQLI Pre_Replace Crontab

DevOops HTB - WriteUp

February 19, 2023  

WriteUp de la máquina DevOops de HTB.

ctf Linux Writeup Web-Fuzzing XXE Git

Active HTB - WriteUp

February 18, 2023  

WriteUp de la máquina Active de HTB.

ctf Windows Writeup AD SMB

SteamCloud HTB - WriteUp

February 16, 2023  

WriteUp de la máquina SteamCloud de HTB.

ctf BadPod Writeup API Kubernetes

DarkHole:2 - WriteUp

January 24, 2023  

WriteUp de la máquina DarkHole:2 de Vulnhub.

ctf WriteUp SQLI Data Exfiltration

eWPT - Review

January 12, 2023  

Esto es una review de la certificación de Elearn Security, donde os cuento mi experiencia.

ctf certificates

Back to Top ↑

Review

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Vulnerabilidad XSS Reflejada Encontrada en el Sitio Web de la Agencia Tributaria

September 04, 2024  

Informe de Vulnerabilidad XSS en la Web de la Agencia Tributaria

Pentesting Web Reflected XSS

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Infosec

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Vulnerabilidad XSS Reflejada Encontrada en el Sitio Web de la Agencia Tributaria

September 04, 2024  

Informe de Vulnerabilidad XSS en la Web de la Agencia Tributaria

Pentesting Web Reflected XSS

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Vulns

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Vulnerabilidad XSS Reflejada Encontrada en el Sitio Web de la Agencia Tributaria

September 04, 2024  

Informe de Vulnerabilidad XSS en la Web de la Agencia Tributaria

Pentesting Web Reflected XSS

Back to Top ↑

Certification

Review[ES] - eCPPTv3

July 04, 2024  

Información, tips, cosas negativas y positivas sobre el eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Review[EN] - eCPPTv3

July 04, 2024  

Information, tips, negative and positive things about eCPPTv3

Pivoting Linux Windows Active Directory Manual Explotation Information Gathering Reconnaissance Exploit Development Pentesting Web

Back to Top ↑

Hacking

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑

CVE

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑

Pentesting

Analysis of a Vulnerability in H6Web, Hacking Holy Week - My First CVEs

February 13, 2025  

Discovery and analysis of two critical vulnerabilities (IDOR and XSS) in H6Web, resulting in my first assigned CVEs.

Web Pentesting IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Análisis de una Vulnerabilidad en H6Web, hackeando la Semana Santa - Mis Primeros CVEs

February 13, 2025  

Descubrimiento y análisis de dos vulnerabilidades críticas (IDOR y XSS) en H6Web, resultando en mis primeros CVEs asignados.

Pentesting Web IDOR Insecure Direct Object Reference Reflected XSS CVE H6Web

Back to Top ↑