vimalraj-sec/penetration-testing-writeups

Penetration Testing Writeups

A curated collection of machine writeups from Offsec Proving Grounds and TryHackMe, organized using a consistent methodology:

Recon → Scanning → Enumeration → Exploitation → Privilege Escalation → Root/Administrator


📁 Repository Structure

pentest-writeups/
├── README.md
├── Offsec-Proving-Grounds/
│   ├── 48 machine writeups
└── TryHackMe/
    └── 34 machine writeups

🗂️ Writeup Template Structure

Each writeup follows this standardized format:

| Section | Description |
|---|---|
| 1. Recon | Target info — IP, hostname, OS, credentials found |
| 2. Scanning | Full Nmap output + open ports summary |
| 3. Enumeration | Service-by-service enumeration, web fuzzing, SMB, FTP, etc. |
| 4. Exploitation | Initial foothold — CVEs, default creds, RCE, file upload, etc. |
| 5. Privilege Escalation | Local privesc — SUID, sudo, cron, misconfigs, tokens |
| 6. Root/Administrator | Proof — uid=0(root) or nt authority\system |

🔴 Offsec Proving Grounds

48 machines | Platform: Offsec Proving Grounds

| # | Machine | Writeup |
|---|---|---|
| 01 | AMATERASU | 📄 View Writeup |
| 02 | LOLY | 📄 View Writeup |
| 03 | POTATO | 📄 View Writeup |
| 04 | STAPLER | 📄 View Writeup |
| 05 | BBSCUTE | 📄 View Writeup |
| 06 | GAARA | 📄 View Writeup |
| 07 | BLOGGER | 📄 View Writeup |
| 08 | FUNBOXEASYENUM | 📄 View Writeup |
| 09 | GLASGOWSMILE | 📄 View Writeup |
| 10 | OCHIMA | 📄 View Writeup |
| 11 | COCKPIT | 📄 View Writeup |
| 12 | PYLOADER | 📄 View Writeup |
| 13 | CLUE | 📄 View Writeup |
| 14 | MZEEAV | 📄 View Writeup |
| 15 | POSTFISH | 📄 View Writeup |
| 16 | ROQUEFORT | 📄 View Writeup |
| 17 | FLU | 📄 View Writeup |
| 18 | PC | 📄 View Writeup |
| 19 | QUACKERJACK | 📄 View Writeup |
| 20 | SORCERER | 📄 View Writeup |
| 21 | EXFILTRATED | 📄 View Writeup |
| 22 | PEPPO | 📄 View Writeup |
| 23 | BULLYBOX | 📄 View Writeup |
| 24 | ASTRONAUT | 📄 View Writeup |
| 25 | CLAMAV | 📄 View Writeup |
| 26 | PELICAN | 📄 View Writeup |
| 27 | PAYDAY | 📄 View Writeup |
| 28 | SNOOKUMS | 📄 View Writeup |
| 29 | BRATARINA | 📄 View Writeup |
| 30 | PEBBLES | 📄 View Writeup |
| 31 | NIBBLES | 📄 View Writeup |
| 32 | HETEMIT | 📄 View Writeup |
| 33 | ZENPHOTO | 📄 View Writeup |
| 34 | NUKEM | 📄 View Writeup |
| 35 | ZIPPER | 📄 View Writeup |
| 36 | XPOSEDAPI | 📄 View Writeup |
| 37 | LAVITA | 📄 View Writeup |
| 38 | EXTPLORER | 📄 View Writeup |
| 39 | LEVRAM | 📄 View Writeup |
| 40 | HAWAT | 📄 View Writeup |
| 41 | WALLA | 📄 View Writeup |
| 42 | WOMBO | 📄 View Writeup |
| 43 | APEX | 📄 View Writeup |
| 44 | FANATASTIC | 📄 View Writeup |
| 45 | SYBARIS | 📄 View Writeup |
| 46 | MARKETING | 📄 View Writeup |
| 47 | HUNIT | 📄 View Writeup |
| 48 | READYS | 📄 View Writeup |

🟢 TryHackMe

34 machines | Platform: TryHackMe

| Machine | Platform Link | Writeup |
|---|---|---|
| ALFRED | 🔗 Room | 📄 View Writeup |
| ALLSIGNSPOINT2PWNAGE | 🔗 Room | 📄 View Writeup |
| ANTHEM | 🔗 Room | 📄 View Writeup |
| ATTACKING-KERBEROS | 🔗 Room | 📄 View Writeup |
| ATTACKTIVE-DIRECTORY | 🔗 Room | 📄 View Writeup |
| BLUEPRINT | 🔗 Room | 📄 View Writeup |
| BOILERCTF | 🔗 Room | 📄 View Writeup |
| CMESS | 🔗 Room | 📄 View Writeup |
| CYBERLENS | 🔗 Room | 📄 View Writeup |
| DAILYBUGLE | 🔗 Room | 📄 View Writeup |
| ENTERPRISE | 🔗 Room | 📄 View Writeup |
| GAMEZONE | 🔗 Room | 📄 View Writeup |
| HACK-SMARTER-SECURITY | 🔗 Room | 📄 View Writeup |
| HACKPARK | 🔗 Room | 📄 View Writeup |
| INTERNAL | 🔗 Room | 📄 View Writeup |
| KENOBI | 🔗 Room | 📄 View Writeup |
| LAZYADMIN | 🔗 Room | 📄 View Writeup |
| MR-ROBOT | 🔗 Room | 📄 View Writeup |
| RELEVANT | 🔗 Room | 📄 View Writeup |
| RESET | 🔗 Room | 📄 View Writeup |
| RETRO | 🔗 Room | 📄 View Writeup |
| ROOTME | 🔗 Room | 📄 View Writeup |
| SILVERPLATTER | 🔗 Room | 📄 View Writeup |
| SKYNET | 🔗 Room | 📄 View Writeup |
| STEELMOUNTAIN-WINDOWS | 🔗 Room | 📄 View Writeup |
| THOMPSON | 🔗 Room | 📄 View Writeup |
| TOMGHOST | 🔗 Room | 📄 View Writeup |
| ULTRATECH | 🔗 Room | 📄 View Writeup |
| VULNETACTIVE | 🔗 Room | 📄 View Writeup |
| WEASEL | 🔗 Room | 📄 View Writeup |
| WONDERLAND | 🔗 Room | 📄 View Writeup |
| YEAROFTHEJELLYFISH | 🔗 Room | 📄 View Writeup |
| YEAROFTHEOWL | 🔗 Room | 📄 View Writeup |
| ZENO | 🔗 Room | 📄 View Writeup |

📊 Stats

| Platform | Machines |
|---|---|
| Offsec Proving Grounds | 48 |
| TryHackMe | 34 |
| Total | 82 |

🛠️ Tools Referenced Across Writeups

Scanning & Recon: nmap · whatweb · curl

Web Fuzzing: gobuster · ffuf · dirsearch

Exploitation: metasploit · searchsploit · msfvenom · revshells.com

Post-Exploitation: linpeas · winpeas · pspy · GTFOBins

Active Directory: impacket · kerbrute · enum4linux · CrackMapExec/NetExec · Bloodhound

Password Attacks: hydra · hashcat · john


All writeups are for educational purposes. Machines are legally accessible lab environments.

About

OSCP-style machine writeups — full exploitation chains from enumeration to root/SYSTEM across OffSec Proving Grounds and TryHackMe.
