https://enrik-m.github.io/Hands-on cybersecurity labs, red team write-ups, exploit research, and practical notes from real-world offensive security training and CTF environments. 2026-04-09T07:26:59+02:00 enrik-m https://enrik-m.github.io/ Jekyll © 2026 enrik-m /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-04-09T07:20:00+02:00 2026-04-09T07:20:00+02:00 https://enrik-m.github.io/posts/Camaleon-CMS-Vulnerabilties/ enrik-m

The Beginning - Solving Facts Machine on HackTheBox After a long day of solving ctf challenges on an event that my team KSAL Cyber Team participated in, me and my cousin decided to do some easy hack the box machines to relax. We picked the first machine of season 10 which was called Facts. It was an outdated camaleon-cms build which had a couple of CVEs. First thing we did was creating an acc...

2026-02-13T01:00:00+01:00 2026-02-13T03:15:29+01:00 https://enrik-m.github.io/posts/Vulnyx-Beginner/ enrik-m

Recon Full TCP Scan First I started by running a full tcp port scan using nmap: nmap -sV -sC -p- 192.168.163.129 --min-rate 8000 After reviewing the results, the following ports were open: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.4p1 Debian 5+deb11u1 (protocol 2.0) | ssh-hostkey: | 3072 f0:e6:24:fb:9e:b0:7a:1a:bd:f7:b1:85:23:7f:b1:6f (RSA) | 256 99:c8:74:31:45:10:58...