truelyyours

HTB - Previous - Writeup

Fri, 23 Jan 2026 00:00:00 GMT

Medium difficulty Linux machine with has AUTH bypass vuln in next.js allowing access to restricted pages. Further we can do LFI and retrieve use creds and subsequently get root privileges

HTB - Voleur - Writeup

Sun, 09 Nov 2025 00:00:00 GMT

Retd Windows Machine. As is common in real life Windows pentests, you will start the Voleur box with credentials given.

HTB - Artificial - Writeup

Tue, 28 Oct 2025 00:00:00 GMT

Artificial`is an easy-difficulty Linux machine that showcases exploiting a web application used to run AI models with Tensorflow and the Backrest web UI by abusing the backup and restore functionalities and the restic utility used by the application.

README

Thu, 09 Oct 2025 22:37:08 GMT

RTFD All the documentation Misc Commands Dir/File Search gobuster dir -u -w -x DNS/Subdomain Search gobuster dns -d -w -i --wildcard VHOST Search gobuster vhost -u -w -ad som...

Mr Robot CTF - Writeup

Tue, 07 Oct 2025 00:00:00 GMT

A free retd box based on the Mr. Robot show, can you root this box? This is a virtual machine meant for beginners/intermediate users. There are 3 hidden keys located on the machine, can you find them?

HTB - Puppy - Writeup

Sat, 04 Oct 2025 00:00:00 GMT

Retd Medium Windows Machine with given starting credentials mimicking real life pentests

Windows Recon Commands

Sat, 04 Oct 2025 00:00:00 GMT

Common Windows recon commands

Post Exploitation

Sun, 28 Sep 2025 00:00:00 GMT

Things to do post exploitation

Certipy - AD CS

Sat, 27 Sep 2025 00:00:00 GMT

Certipy is a powerful offensive and defensive toolkit for enumerating and abusing Active Directory Certificate Services (AD CS)

bloodyAD

Sat, 27 Sep 2025 00:00:00 GMT

bloodyAD is an Active Directory privilege escalation swiss army knife