Solved Machines and Challenges

A collection of machines and challenges from HackNow Lab, Hack The Box, TryHackMe and other platforms. Each card shows the difficulty, required skills, related certifications and my complete video walkthrough.

HackNow Lab

  • Link: HackNow Lab
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • YouTube walkthrough: Video
  • Link: HackNow Lab
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • YouTube walkthrough: Video

HackTheBox

  • Link: Squashed (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT | OSCP
  • Skills:
    • NFS Enumeration
    • Abusing owners assigned to NFS shares by creating new users on the system (Get Access to Web Root)
    • Creating a web shell to gain system access
    • Abusing .Xauthority file (Pentesting X11)
    • Taking a screenshot of another user's display
  • YouTube walkthrough: Video
  • Link: Devel (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Windows
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT | OSCP
  • Skills:
    • Abusing FTP + IIS Services
    • Creating an AutoPwn Script [Python Scripting]
    • Microsoft Windows (x86) – ‘afd.sys’ (MS11-046) [Privilege Escalation]
  • YouTube walkthrough: Video
  • Link: Bank (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT | OSCP
  • Skills:
    • Domain Zone Transfer Attack - AXFR (dig)
    • Information Leakage
    • Abusing File Upload [RCE]
    • Abusing SUID Binary [Privilege Escalation]
  • YouTube walkthrough: Video
  • Link: Delivery (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT
  • Skills:
    • Virtual Hosting Enumeration
    • Abusing Support Ticket System
    • Access to Mattermost
    • Information Leakage
    • Database Enumeration - MySQL
    • Cracking Hashes
    • Playing with hashcat rules in order to create passwords
    • Playing with sucrack to find out a user's password
  • YouTube walkthrough: Video
  • Link: Lame (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills:
    • Samba 3.0.20 < 3.0.25rc3 - Username Map Script [Command Execution]
  • YouTube walkthrough: Video
  • Link: Mirai (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills:
    • Gaining SSH Access Using Default Raspberry Credentials
    • Abusing Sudo Group [Privilege Escalation]
  • YouTube walkthrough: Video
  • Link: Hack The Box :: Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: eWPT | OSWE
  • Skills:
    • Abusing declared JavaScript functions from the browser console
    • Abusing the API to generate a valid invite code
    • Abusing the API to elevate our privilege to administrator
    • Command injection via poorly designed API functionality
    • Information Leakage
    • Privilege Escalation via Kernel Exploitation (CVE-2023-0386) - OverlayFS Vulnerability
  • YouTube walkthrough: Video
  • Link: Dog (Easy) | Hack The Box
  • Difficulty: Easy
  • OS: Linux
  • Certifications: eWPT
  • Skills:
    • Information Disclosure (.git) - GitHack
    • Information Leakage (Hardcoded passwords in code)
    • Creating a new malicious module for Backdrop (RCE)
    • Abusing sudoers privilege (custom bee binary) [Privilege Escalation]
  • YouTube walkthrough: Video
  • Link: Cat (Medium) | Hack The Box
  • Difficulty: Medium
  • OS: Linux
  • Certifications: eWPT | eWPTX | OSWE
  • Skills:
    • Web Enumeration
    • Information Disclosure (.git) - GitHack
    • PHP Code Analysis
    • XSS Exploitation
    • Manual Blind SQL Injection (sqlite) + Python Scripting [EXTRA]
    • Cracking Hashes
    • Abusing adm group (Reading Apache log files)
    • Local Port Forwarding + Gitea Exploitation
    • Gitea 1.22.0 Exploitation (Stored XSS) [CVE-2024-6886]
    • Reading a password from an internal Gitea project via XSS [Privilege Escalation]
  • YouTube walkthrough:
  • Link: Strutted (Medium) | Hack The Box
  • Difficulty: Medium
  • OS: Linux
  • Certifications: eWPT | eWPTXv2 | OSWE
  • Skills:
    • Information Leakage
    • Apache Struts Exploitation [CVE-2024-53677]
    • Apache Struts, Interceptors and OGNL Expression Language Explained
  • YouTube walkthrough:
  • Link: Hack The Box :: Cap Machine
  • Difficulty: Easy
  • OS: Linux
  • Certifications: eJPT
  • Skills:
    • Insecure Direct Object Reference (IDOR)
    • Information Leakage
    • Abuse Capabilities (Python3.8) [Privilege Escalation]
  • YouTube walkthrough:

TryHackMe

  • Link: TryHackMe | Simple CTF
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Reconnaissance - CVE
  • YouTube walkthrough: Video
  • Link: TryHackMe | Vulnversity
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT
  • Skills: GoBuster - BurpSuite - SUID
  • YouTube walkthrough: Video
  • Link: TryHackMe | Pickle Rick
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Rick and Morty-themed challenge
  • YouTube walkthrough: Video
  • Link: TryHackMe | Blue
  • Difficulty: Easy
  • OS: Windows
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Metasploit - CVE
  • YouTube walkthrough: Video
  • Link: TryHackMe | Kenobi
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Samba - ProFTP
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Easy
  • OS: Windows
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Meterpreter - CVE - PrivEsc
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: CMS - CVE - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | Overpass
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Gobuster - id_rsa
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT
  • Skills: BruteForce - Burpsuite - CVE - CMS - MSFvenom - Meterpreter
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: SQL Injection - ssh
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT | OSCP
  • Skills: Burpsuite - Hydra - System Enumeration - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | Daily Bugle
  • Difficulty: Hard
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT | OSCP
  • Skills: CMS - PHP script - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | Overpass 2 - Hacked
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT
  • Skills: Wireshark - Network packet analysis
  • YouTube walkthrough: Video
  • Link: TryHackMe | Relevant
  • Difficulty: Medium
  • OS: Windows
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT
  • Skills: SMB - IIS Server - PrivEsc
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Hard
  • OS: Windows
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT | OSCP
  • Skills: Virtual Hosting - WordPress - ssh - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | RootMe
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Shell creation - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | Agent Sudo
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Hash Cracking - Brute Force
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Gobuster - Hydra - Metasploit
  • YouTube walkthrough: Video
  • Link: TryHackMe | LazyAdmin
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: Wfuzz - CMS - Metasploit - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | Anonymous
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT
  • Skills: SMB - FTP - Scripting - PrivEsc
  • YouTube walkthrough: Video
  • Link: Premium
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: CVE - Metasploit - Webmin
  • YouTube walkthrough: Video
  • Link: TryHackMe | Wgel CTF
  • Difficulty: Easy
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT
  • Skills: id_rsa - PrivEsc
  • YouTube walkthrough: Video
  • Link: TryHackMe | Attacktive Directory
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eCPPT
  • Skills: Enum4linux - Kerbrute - Impacket - SMB - PrivEsc
  • YouTube walkthrough: Video

Hacking Tools in 5 Minutes

Scanning networks and ports

Recognizing and identifying technologies

Discovering sensitive information

Extracting and copying ports

Web hacking with Caido

A basic exploit, simple and powerful

Creating fake login pages in one click.

Brute force to discover passwords.

VulnHub

  • Link: eLection: 1 ~ VulnHub
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | OSCP (PrivEsc)
  • Skills:
    • Web Enumeration
    • Information Leakage - Log Exposure
    • Abusing SUID Binary (Serv-U FTP Server < 15.1.7) [Privilege Escalation]
  • YouTube walkthrough: Video
  • Link: MyExpense: 1 ~ VulnHub
  • Difficulty: Medium
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT | OSWE
  • Skills:
    • Web Enumeration
    • Enabling disabled button in the user registration form
    • XSS (Cross-Site Scripting)
    • CSRF (Cross-Site Request Forgery)
    • XSS + JavaScript file in order to steal the user's session cookie
    • XSS + CSRF in order to activate new registered users
    • XSS vulnerability in message management system
    • Stealing session cookies with XSS vulnerability in message handling system
    • Cookie Hijacking
    • SQL Injection (Union Query Based)
    • Cracking Hashes
    • Logging in as the boss and sending us the corresponding money
  • YouTube walkthrough: Video
  • Link: DarkHole: 2 ~ VulnHub
  • Difficulty: Hard
  • OS: Linux
  • Certifications: CEH | CompTIA+ | eJPT | eWPT
  • Skills:
    • Information Leakage
    • GitHub Project Enumeration
    • SQLI (SQL Injection)
    • Chisel (Remote Port Forwarding) + Abusing Internal Web Server
    • Bash History - Information Leakage [User Pivoting]
    • Abusing Sudoers Privilege [Privilege Escalation]
  • YouTube walkthrough: Video
  • Link: Durian: 1 ~ VulnHub
  • Difficulty: Hard
  • OS: Linux
  • Certifications: eJPT | eWPT
  • Skills:
    • Web Enumeration
    • Local File Inclusion (LFI)
    • LFI to RCE - Abusing /proc/self/fd/X + Log Poisoning
    • Abusing capabilities (cap_setuid+ep on gdb binary) [Privilege Escalation]
  • YouTube walkthrough: Video

HackTheBox Challenges

Difficulty: Very Easy

Category: Reversing

Walkthrough: Video

Difficulty: Very Easy

Category: Web

Walkthrough: Video

Difficulty: Very Easy

Category: Web

Walkthrough: Video

Difficulty: Very Easy

Category: Web

Walkthrough: Video

Difficulty: Very Easy

Category: Forensics

Walkthrough: Video