• Use rsync service to synchronize the directory.
  • Decrypt files obtained from rsync service ( encfs encoded )
  • Access the cache manager to get information regarding hosts.
  • Use XPath injection to get credentials
  • SSH tunneling to access pihole HTTP service and CVE for exploit.

Nmap Scan


This box is all about enumeration .


  • Directory busting to get the admin portal and todo.txt file.
  • Brute force password.
  • Exploit the file upload vulnerability to get the shell.
  • Enumerate the machine to escalate privilege.
  • Find exploits to bypass the restricted ability.


# nmap -T4 -p- -A -o nmap…

Real pentest findings combined

alpine real world git seclists

Task 1: Hack your way and try harder

The machine is completly inspired by real world pentest findings. Perhaps you will consider them very challanging but without any rabbit holes. …

Here is a hint if you want to try it on your own. Reverse engineer the fixutil binary. It modifies a library file. Reverse engineer that library file as well.


What it says is, Alex works at Recoverysoft. He and his colleague got an email with a binary file. The…

Roshan Guragain

Infosec Enthusiast

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store