██████╗ ███████╗██████╗ ████████╗███████╗ █████╗ ███╗ ███╗ ██╔══██╗██╔════╝██╔══██╗ ╚══██╔══╝██╔════╝██╔══██╗████╗ ████║ ██████╔╝█████╗ ██║ ██║ ██║ █████╗ ███████║██╔████╔██║ ██╔══██╗██╔══╝ ██║ ██║ ██║ ██╔══╝ ██╔══██║██║╚██╔╝██║ ██║ ██║███████╗██████╔╝ ██║ ███████╗██║ ██║██║ ╚═╝ ██║ ╚═╝ ╚═╝╚══════╝╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝
This repository includes pentest writeups, methodologies, and a checklist for effective security assessments. (WOP)
The following pentests are organized in a sequence recommended for beginners.
- Topoo:1 Pentest - Exposed sensitive information and SUID privesc
- SickOs 1.1 Pentest - CMS upload, cron job, password leak
- Dina 1.0.1 Pentest - Weak directory permissions, exposed passwords, binary executed as root
- Unknowndevice64 Pentest - Steganography, restricted shell, SUID privesc
- Stapler Pentest - Anonymous FTP, WordPress bruteforcing, plugin exploitation, insecure bash history
- Eric Pentest - Web shell upload and backup exploit
- 02 - Breakout Pentest - Decoding, user enumeration, Webmin exploit and misconfigured tar utility
- Horizontall Pentest - Directory traversal, UDP port exploration, known exploits, and 0-DAY exploit
- RouterSpace Pentest - APK proxy, command injection, and Sudo exploit
- Pandora Pentest - SQLi and Web shell upload
- Driver Pentest - WinRM, Cracking, and "printer nightmare" Exploit
- Paper Pentest - WordPress enumeration, Rocket.Chat plugin exploit, PWNkit
- PwnLab Pentest - LFI, MIME bypass, Cookie manipulation, Setuid binary
- Shibboleth Pentest - Subdomain Enumeration, IPMI enum, Cracking, and Mariadb exploit
- Backdoor Pentest - Source code analysis, Strapi vulnerabilities, and 0-DAY exploit
- Secret Pentest - API exploit, 0-DAY privesc, and creative SUID privilege escalation