DEV Community: Valera1

TryHackMe - Mr Robot

Valera1 — Mon, 23 Mar 2026 16:17:07 +0000

Hello Friend.

I just pwned a medium lab "Mr Robot CTF" on TryHackMe!

Full writeup here:
🔗 https://github.com/sonyahack1/Try-Hack-Me/blob/main/THM_MrRobot/THM_MrRobot_CTF_Linux___20.03.2026.md

VulnHub - Empire:LupinOne (medium)

Valera1 — Sat, 29 Nov 2025 14:04:33 +0000

Hi.
I just pwned a medium machine "Empire: LupinOne" on VulnHub!

T1595.002 - Active Scanning: Vulnerability Scanning
T1595.003 - Active Scanning: Wordlist Scanning
T1110.002 - Brute Force: Password Cracking
T1133 - External Remote Services
T1078.003 - Valid Accounts: Local Accounts
T1548.003 - Abuse Elevation Control Machanism: Sudo and Sudo Caching

🔗Full writeup here: https://github.com/sonyahack1/VulnHub/blob/main/Empire_Lupinone/Empire_LupinOne___25.11.2025.md

VulnHub - Thales: 1. Writeup (Linux)

Valera1 — Thu, 20 Nov 2025 16:05:18 +0000

🔥 Hi. I just pwned an Easy Machine "Thales: 1" on VulnHub!

Techniques implemented during the attack:

T1595.002 - Active Scanning: Vulnerability Scanning T1110 - Brute Force
T1190 - Exploit Public-Facing Application
T1552.004 - Unsecured Credentials: Private Keys
T1078.003 - Valid Accounts: Local Accounts
T1053.003 - Scheduled Task/Job: Cron

🔗Full writeup here: https://github.com/sonyahack1/VulnHub/blob/main/Thales_1/Thales_1___19.11.2025.md

VulnHub - ICA: 1 (Linux)

Valera1 — Tue, 04 Nov 2025 15:25:59 +0000

🔥 Hi
I just pwned a simple lab "ICA: 1" on VulnHub!

T1595.002 - Active Scanning: Vulnerability Scanning
T1190 - Exploit Public-Facing Application
T1110.001 - Brute Force: Password Guessing
T1059.004 - Command and Scripting Interpreter: Unix Shell
T1548.001 - Abuse Elevation Control Mechanism: Setuid and Setgid

Full writeup here:

🔗 https://github.com/sonyahack1/VulnHub/blob/main/ICA/ICA___03.11.2025.md

VulnHub - Hacksudo: Thor (Linux)

Valera1 — Wed, 08 Oct 2025 13:32:58 +0000

🔥I just pwned "Hacksudo: Thor" on VulnHub!

T1595 - Active Scanning
T1190 - Exploit Public-Facing Application
T1059 - Command and Scripting Interpreter
T1548 - Abuse Elevation Control Mechanism

Full writeup here:

🔗https://github.com/sonyahack1/VulnHub/blob/main/hacksudo_Thor/hacksudo_Thor___04.10.2025.md

"Escalate My Privileges: 1" - VulnHub (Easy)

Valera1 — Sun, 28 Sep 2025 17:35:23 +0000

🔥 I just pwned "Escalate My Privileges: 1" on VulnHub!

T1595 - Active Scanning
T1190 - Exploit Public-Facing Application
T1083 - File and Directory Discovery
T1548 - Abuse Elevation Control Mechanism

Full writeup here:

🔗https://github.com/sonyahack1/VulnHub/blob/main/Escalate_My_Privileges_1/Escalate_My_Privileges_1___27.09.2025.md

HTB - Vintage (Windows/Hard)

Valera1 — Sun, 14 Sep 2025 13:35:02 +0000

I just pwned Vintage on Hack The Box!

full writeup here:

https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Vintage_Windows/HTB_Vintage_Windows_31.08.2025.md

HTB - Support - Windows (Easy)

Valera1 — Wed, 20 Aug 2025 15:55:13 +0000

I just pwned Support on Hack The Box!

1) TA0043 -> T1595 - Active Scanning
2) TA0007 -> T1135 - Network Share Discovery
3) TA0006 -> T1552 - Unsecured Credentials
4) TA0007 -> T1087 - Account Discovery
5) TA0006 -> T1552 - Unsecured Credentials
6) TA0001 -> T1078 - Valid Accounts
7) TA0004 -> T1098 - Account Manipulation
8) TA0006 -> T1003 - OS Credential Dumping
9) TA0008 -> T1021 - Remote Services

Link to the writeup here:
🔗 https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Support_Windows/HTB_Support_Windows_10.08.2025.md

HTB - Bastion (Windows)

Valera1 — Mon, 11 Aug 2025 16:12:28 +0000

I just pwned Bastion on Hack The Box!

TA0043 -> T1595 - Active Scanning
TA0007 -> T1135 - Network Share Discovery
TA0006 -> T1003 - OS Credential Dumping
TA0001 -> T1078 - Valid Accounts
TA0006 -> T1552 - Unsecured Credentials

Link to the writeup here:
🔗 https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Bastion_Windows/HTB_Bastion_Windows_01.08.2025.md

HTB - Administrator (Windows AD)

Valera1 — Tue, 05 Aug 2025 14:12:15 +0000

We are exploiting a chain of misconfigured object permissions in Active Directory without BloodHound

Techniques used:

T1595.002
T1069.002
T1098
T1078.002
T1558.003
T1003.006

Link to the writeup here:

🔗 https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Administrator_Windows/HTB_Administrator_Windows_12.06.2025.md

it is very important for me to receive feedback on my completed work. If you have noticed an error, incorrect wording in my report or simply an incorrect train of thought - please let me know in the form of feedback so that I can improve my skills in preparing reports and make them more informative and useful

HackTheBox - writeup of a Windows Machine - Cicada

Valera1 — Wed, 30 Jul 2025 13:23:27 +0000

🔥 Finished working on the writeup of a Windows machine on the HackTheBox platform - "Cicada" (Easy).

Link to the writeup here:

🔗 https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Cicada_Windows/HTB_Cicada_Windows_01.03.2025.md

It is very important for me to receive feedback on my completed work. If you have noticed an error, incorrect wording in my report or simply an incorrect train of thought - please let me know in the form of feedback so that I can improve my skills in preparing reports and
make them more informative and useful.

writeup on Linux machine Sau on HackTheBox platform

Valera1 — Sat, 19 Jul 2025 15:54:42 +0000

Hi!

🔥 Finished working on a writeup on an interesting, albeit simple, Linux machine on the HackTheBox platform — “Sau”.

We exploit the "SSRF" vulnerability in the Request Basket service to gain access to the internal Maltrail IDS system. Then via "OS Command Injection" we gain access to the puma user for whom sudo rights are insecurely configured, which ultimately leads to a complete compromise of the system.

In my writeup I described in detail how exactly "SSRF" and "Command Injection" work within this machine with step-by-step examples and explanations.

Link to the writeup here:

🔗 https://github.com/sonyahack1/HackTheBox/blob/main/HTB_Sau_Linux/HTB_Sau_Linux_05.03.2025.md

🚀 Friends, it is very important for me to receive feedback on my completed work. If you have noticed an error, incorrect wording in my report or simply an incorrect train of thought - please let me know in the form of feedback so that I can improve my skills in preparing reports and make them more informative and useful.