██████╗ ███████╗██████╗     ████████╗███████╗ █████╗ ███╗   ███╗
██╔══██╗██╔════╝██╔══██╗    ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║
██████╔╝█████╗  ██║  ██║       ██║   █████╗  ███████║██╔████╔██║
██╔══██╗██╔══╝  ██║  ██║       ██║   ██╔══╝  ██╔══██║██║╚██╔╝██║
██║  ██║███████╗██████╔╝       ██║   ███████╗██║  ██║██║ ╚═╝ ██║
╚═╝  ╚═╝╚══════╝╚═════╝        ╚═╝   ╚══════╝╚═╝  ╚═╝╚═╝     ╚═╝

Infos

This repository includes pentest writeups, methodologies, and a checklist for effective security assessments. (WOP)

Pentests

The following pentests are organized in a sequence recommended for beginners.

🟦 Step 1 :

• Topoo:1 Pentest - Exposed sensitive information and SUID privesc

🟩 Step 2 :

• SickOs 1.1 Pentest - CMS upload, cron job, password leak
• Dina 1.0.1 Pentest - Weak directory permissions, exposed passwords, binary executed as root
• Unknowndevice64 Pentest - Steganography, restricted shell, SUID privesc
• Stapler Pentest - Anonymous FTP, WordPress bruteforcing, plugin exploitation, insecure bash history
• Eric Pentest - Web shell upload and backup exploit
• 02 - Breakout Pentest - Decoding, user enumeration, Webmin exploit and misconfigured tar utility
• Horizontall Pentest - Directory traversal, UDP port exploration, known exploits, and 0-DAY exploit

🟨 Step 3 :

• RouterSpace Pentest - APK proxy, command injection, and Sudo exploit
• Pandora Pentest - SQLi and Web shell upload
• Driver Pentest - WinRM, Cracking, and "printer nightmare" Exploit
• Paper Pentest - WordPress enumeration, Rocket.Chat plugin exploit, PWNkit

🟥 Step 4 :

• PwnLab Pentest - LFI, MIME bypass, Cookie manipulation, Setuid binary
• Shibboleth Pentest - Subdomain Enumeration, IPMI enum, Cracking, and Mariadb exploit
• Backdoor Pentest - Source code analysis, Strapi vulnerabilities, and 0-DAY exploit
• Secret Pentest - API exploit, 0-DAY privesc, and creative SUID privilege escalation