CyberSec Writeups

CyberSec Writeupshttps://mrbeetrootpwn.com/Recent content on CyberSec WriteupsHugoen-usTue, 26 May 2026 00:00:00 +0000Windows Privilege Escalation Cheatsheethttps://mrbeetrootpwn.com/tools-techniques/windows-privesc/Tue, 26 May 2026 00:00:00 +0000https://mrbeetrootpwn.com/tools-techniques/windows-privesc/A practical, ordered checklist for Windows local privilege escalation during labs, CTFs, and authorised internal testing.Linux Privilege Escalation Cheatsheethttps://mrbeetrootpwn.com/tools-techniques/linux-privesc/Mon, 25 May 2026 00:00:00 +0000https://mrbeetrootpwn.com/tools-techniques/linux-privesc/A practical Linux privilege escalation reference covering high-impact enumeration checks, common misconfigurations, credential hunting, container escapes, and last-resort kernel exploits.VulnLab: Breachhttps://mrbeetrootpwn.com/write-ups/vuln-breach/Mon, 23 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-breach/Active Directory machine demonstrating NTLM hash capture through a writable SMB share, Kerberoasting, MSSQL Silver Ticket abuse, and SeImpersonatePrivilege escalation.VulnLab: Baby2https://mrbeetrootpwn.com/write-ups/vuln-baby2/Sun, 22 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-baby2/Active Directory machine demonstrating SMB user enumeration, weak password reuse, writable logon script abuse, and GPO-based privilege escalation.VulnLab: Babyhttps://mrbeetrootpwn.com/write-ups/vuln-baby/Sat, 21 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-baby/Active Directory machine demonstrating anonymous LDAP enumeration, password reset abuse, SeRestorePrivilege execution, and manual NTDS extraction.HTB: Accesshttps://mrbeetrootpwn.com/write-ups/htb-access/Sat, 07 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-access/Windows machine demonstrating anonymous FTP exposure, credential recovery from MDB and PST files, Telnet access, and stored credential abuse.HTB: Buffhttps://mrbeetrootpwn.com/write-ups/htb-buff/Thu, 05 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-buff/Windows machine demonstrating unauthenticated file upload leading to CloudMe buffer overflow exploitation and administrator access.HTB: Bashedhttps://mrbeetrootpwn.com/write-ups/htb-bashed/Tue, 03 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-bashed/Linux machine demonstrating exposed PHP web shell access, sudo-based lateral movement, and cron-driven privilege escalation.HTB: Arctichttps://mrbeetrootpwn.com/write-ups/htb-arctic/Mon, 02 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-arctic/Windows machine demonstrating Adobe ColdFusion remote code execution and kernel-based privilege escalation to SYSTEM.HTB: Bountyhttps://mrbeetrootpwn.com/write-ups/htb-bounty/Sun, 01 Mar 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-bounty/Windows machine demonstrating IIS upload bypass with web.config abuse and kernel exploit privilege escalation.HTB: Builderhttps://mrbeetrootpwn.com/write-ups/htb-builder/Sat, 21 Feb 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-builder/Linux machine demonstrating Jenkins CLI arbitrary file read, Jenkins user hash extraction, credential cracking, and SSH key abuse for root access.HTB: BoardLighthttps://mrbeetrootpwn.com/write-ups/htb-boardlight/Wed, 18 Feb 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-boardlight/Linux machine demonstrating vhost discovery, Dolibarr authenticated RCE, credential disclosure, and Enlightenment SUID privilege escalation.HTB: Busquedahttps://mrbeetrootpwn.com/write-ups/htb-busqueda/Sun, 15 Feb 2026 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-busqueda/Linux machine demonstrating Python eval command injection, credential reuse, Docker configuration disclosure, and sudo script abuse.HTB: Analyticshttps://mrbeetrootpwn.com/write-ups/htb-analytics/Fri, 19 Dec 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-analytics/Linux machine demonstrating Metabase pre-auth RCE, Docker environment credential disclosure, and OverlayFS kernel exploitation.HTB: Brokerhttps://mrbeetrootpwn.com/write-ups/htb-broker/Thu, 18 Dec 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-broker/Linux machine demonstrating Apache ActiveMQ CVE-2023-46604 exploitation and sudo nginx abuse for root access.HTB: Escapehttps://mrbeetrootpwn.com/write-ups/htb-escape/Sun, 09 Nov 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-escape/Active Directory machine demonstrating MSSQL abuse leading to credential leakage and AD CS certificate abuse for full domain compromise.HTB: Cicadahttps://mrbeetrootpwn.com/write-ups/htb-cicada/Fri, 07 Nov 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-cicada/Active Directory machine demonstrating exposed SMB data, credential reuse, and Backup Operators abuse to dump domain hashes.HTB: Foresthttps://mrbeetrootpwn.com/write-ups/htb-forest/Wed, 05 Nov 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-forest/Active Directory machine demonstrating anonymous LDAP enumeration, AS-REP Roasting, nested group abuse, and DCSync-based domain compromise.HTB: Returnhttps://mrbeetrootpwn.com/write-ups/htb-return/Wed, 05 Nov 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-return/Active Directory machine demonstrating LDAP credential capture through a printer admin panel, WinRM access, and Server Operators abuse leading to DCSync.HTB: Blackfieldhttps://mrbeetrootpwn.com/write-ups/htb-blackfield/Tue, 04 Nov 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-blackfield/Active Directory machine demonstrating AS-REP Roasting, BloodHound-driven lateral movement, LSASS credential extraction, and Backup Operators abuse.HTB: Flighthttps://mrbeetrootpwn.com/write-ups/htb-flight/Sat, 01 Nov 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-flight/Active Directory machine demonstrating NTLM hash capture, SMB abuse, password reuse, IIS pivoting, and SeImpersonatePrivilege escalation.HTB: Timelapsehttps://mrbeetrootpwn.com/write-ups/htb-timelapse/Fri, 31 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-timelapse/Active Directory machine demonstrating exposed SMB backups, certificate-based WinRM access, PowerShell history credential discovery, and LAPS abuse.HTB: Monteverdehttps://mrbeetrootpwn.com/write-ups/htb-monteverde/Mon, 27 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-monteverde/Azure AD Connect misconfiguration leading to credential extraction and domain compromise.HTB: Saunahttps://mrbeetrootpwn.com/write-ups/htb-sauna/Mon, 27 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-sauna/Active Directory machine demonstrating username generation, AS-REP Roasting, AutoLogon credential discovery, and DCSync-based domain compromise.HTB: Activehttps://mrbeetrootpwn.com/write-ups/htb-active/Fri, 17 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/htb-active/Classic Active Directory machine demonstrating GPP credential exposure leading to Kerberoasting and domain compromise.VulnLab: Lockhttps://mrbeetrootpwn.com/write-ups/vuln-lock/Thu, 16 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-lock/Windows machine demonstrating Gitea access token exposure, repository-backed web deployment, mRemoteNG credential recovery, and PDF24 local privilege escalation.VulnLab: Job2https://mrbeetrootpwn.com/write-ups/vuln-job2/Wed, 15 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-job2/Windows machine demonstrating macro-based phishing, hMailServer database credential recovery, lateral movement over RDP, and Veeam Backup exploitation.VulnLab: Jobhttps://mrbeetrootpwn.com/write-ups/vuln-job/Mon, 13 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-job/Windows machine demonstrating phishing through a malicious LibreOffice document, IIS web root abuse, SeImpersonatePrivilege, and local administrator access through GodPotato and RunasCs.VulnLab: Escapehttps://mrbeetrootpwn.com/write-ups/vuln-escape/Sun, 12 Oct 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-escape/Windows kiosk-style machine demonstrating RDP access, file-system browsing through Edge, binary restriction bypass via renaming, password recovery from Remote Desktop Plus, and GUI-based UAC elevation.VulnLab: Datahttps://mrbeetrootpwn.com/write-ups/vuln-data/Tue, 20 May 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-data/Linux machine demonstrating Grafana arbitrary file read, Grafana credential cracking, SSH access, and Docker privileged container abuse.VulnLab: Synchttps://mrbeetrootpwn.com/write-ups/vuln-sync/Mon, 12 May 2025 00:00:00 +0000https://mrbeetrootpwn.com/write-ups/vuln-sync/Linux machine demonstrating anonymous rsync access, salted MD5 cracking, FTP-based SSH key placement, password reuse, and cronjob abuse.