https://blog.akmee.xyz/writeups/active/Recent content in Season 10 on tomato's blogHugoen-ushttps://blog.akmee.xyz/writeups/active/cctv/Thu, 19 Mar 2026 12:35:58 -0300https://blog.akmee.xyz/writeups/active/cctv/CCTV is an easy Linux machine built around two real-world open-source camera management platforms. The attack path starts with default credential reuse on a ZoneMinder instance, leads into exploiting a blind SQL injection vulnerability to extract and crack credentials from the database, and finishes with privilege escalation through a motioneye service running as root.https://blog.akmee.xyz/writeups/active/pirate/Thu, 19 Mar 2026 12:35:58 -0300https://blog.akmee.xyz/writeups/active/pirate/Pirate is a hard Windows Active Directory machine that covers a wide range of modern offensive techniques across two network segments. The attack path demands solid enumeration skills and a good understanding of how Kerberos, NTLM, and AD delegation mechanisms behave under the hood. Expect to work through legacy misconfigurations, credential abuse, network pivoting, and a creative privilege escalation chain before landing on the Domain Controller.https://blog.akmee.xyz/writeups/active/interpreter/Thu, 05 Mar 2026 00:00:00 +0000https://blog.akmee.xyz/writeups/active/interpreter/Medium Linux machine exploiting CVE-2023-43208 (Mirth Connect RCE) for initial access, followed by MySQL credential leakage, PBKDF2 hash cracking, and an f-string eval SSTI in a local Flask server to escalate to root.