HTB: Orion
A very simple machine with vulnerable versions of Craft CMS and Telnet.
Easy Read ↗
I build things, explore various security domains, and share what I learn along the way. Have a look around.
Recent projects and challenge walkthroughs.
A very simple machine with vulnerable versions of Craft CMS and Telnet.
Exploiting CVE-2025-57819 in the FreePBX system, and abusing incron.d and dahdi.conf for privilege escalation.
Easy machine running Flowise AI. It's vulnerable to CVE-2025-58434, which leaks user credentials, and CVE-2025-59528, which enables RCE through the CustomMCP node.