Tier-1 on crAIzy.dev

Tier-1 on crAIzy.dev https://craizy.dev/tags/tier-1/ Recent content in Tier-1 on crAIzy.dev https://craizy.dev/img/htb-default.png crAIzy.dev https://craizy.dev/ Hugo en Tue, 28 Apr 2026 20:10:00 +0300 HTB Starting Point — Ignition https://craizy.dev/writeups/ignition/ Tue, 28 Apr 2026 20:10:00 +0300 crAIzy https://craizy.dev/writeups/ignition/ Walkthrough of Ignition — Magento 2.4-dev admin panel with default credentials qwerty123, demonstrating virtual host discovery and admin panel enumeration. HTB Starting Point — Funnel https://craizy.dev/writeups/funnel/ Tue, 28 Apr 2026 19:30:00 +0300 crAIzy https://craizy.dev/writeups/funnel/ Walkthrough of Funnel — anonymous FTP leaks default credentials, SSH pivot reveals a PostgreSQL Docker container accessible via port forwarding, and the flag is a database row. HTB Starting Point — Responder https://craizy.dev/writeups/responder/ Tue, 28 Apr 2026 16:34:00 +0300 crAIzy https://craizy.dev/writeups/responder/ Walkthrough of Responder — LFI in PHP triggers a UNC path that forces Windows to authenticate to Responder, capturing a NetNTLMv2 hash cracked to reveal the Administrator password. HTB Starting Point — Crocodile https://craizy.dev/writeups/crocodile/ Tue, 28 Apr 2026 15:43:00 +0300 crAIzy https://craizy.dev/writeups/crocodile/ Walkthrough of Crocodile — anonymous FTP exposes credential files that unlock a web admin panel on port 80, combining two services into one attack chain. HTB Starting Point — Sequel https://craizy.dev/writeups/sequel/ Tue, 28 Apr 2026 15:20:00 +0300 crAIzy https://craizy.dev/writeups/sequel/ Walkthrough of Sequel — MariaDB 10.3.27 exposed on port 3306 with root user having no password, flag stored as a table row in the htb database. HTB Starting Point — Appointment https://craizy.dev/writeups/appointment/ Tue, 28 Apr 2026 14:30:00 +0300 crAIzy https://craizy.dev/writeups/appointment/ Walkthrough of Appointment — SQL injection in a login form bypasses authentication and exposes the flag, with sqlmap extraction of the underlying database schema. HTB Starting Point — Bike https://craizy.dev/writeups/bike/ Tue, 28 Apr 2026 12:38:00 +0300 crAIzy https://craizy.dev/writeups/bike/ Walkthrough of Bike — Server-Side Template Injection in Handlebars (Node.js) escalates from a reflected error to RCE as root via process.mainModule.require. HTB Starting Point — Three https://craizy.dev/writeups/three/ Mon, 27 Apr 2026 22:00:00 +0300 crAIzy https://craizy.dev/writeups/three/ Walkthrough of Three — S3 subdomain discovery leads to an unauthenticated LocalStack bucket where uploading a PHP webshell achieves RCE as www-data.