# TryHackMe Labs - [Wonderland](/dotwuts-gitbook/labs/tryhackme-labs/wonderland.md) - [Ghostcat](/dotwuts-gitbook/labs/tryhackme-labs/ghostcat.md) - [OverPass3](/dotwuts-gitbook/labs/tryhackme-labs/overpass3.md) - [Joker](/dotwuts-gitbook/labs/tryhackme-labs/joker.md): lxc privesc https://github.com/Voker2311/CaptureTheFlag-walkthroughs/blob/master/HA%20JokerCTF%20Tryhackme%20Walkthrough - [Wekor (Manual SQLi + memcache and python privesc)](/dotwuts-gitbook/labs/tryhackme-labs/wekor-manual-sqli-+-memcache-and-python-privesc.md) - [Vulnnet (LFI of apache config file)](/dotwuts-gitbook/labs/tryhackme-labs/vulnnet-lfi-of-apache-config-file.md): https://www.aldeid.com/wiki/TryHackMe-VulnNet - [OverPass (session Cookie bypass + /etc/hosts bash script privesc)](/dotwuts-gitbook/labs/tryhackme-labs/overpass-session-cookie-bypass-+-etc-hosts-bash-script-privesc.md) - [Archangel (LFI with php filters + log poisoning)](/dotwuts-gitbook/labs/tryhackme-labs/archangel-lfi-with-php-filters-+-log-poisoning.md): LFI Practice - [Mustacchio (XXE Vulnerability + tail privesc)](/dotwuts-gitbook/labs/tryhackme-labs/mustacchio-xxe-vulnerability-+-tail-privesc.md): XXE - [Inferno (OSCP practice + tee privesc)](/dotwuts-gitbook/labs/tryhackme-labs/inferno-oscp-practice-+-tee-privesc.md) - [Jurrasic (SQL Injection)](/dotwuts-gitbook/labs/tryhackme-labs/jurrasic-sql-injection.md) - [Glitch (ffuf POST request and firefox decrypt)](/dotwuts-gitbook/labs/tryhackme-labs/glitch-ffuf-post-request-and-firefox-decrypt.md) - [CatPictures (Port Knocking and Docker Escape)](/dotwuts-gitbook/labs/tryhackme-labs/catpictures-port-knocking-and-docker-escape.md) - [HackerVsHacker (File upload bypass + process privesc)](/dotwuts-gitbook/labs/tryhackme-labs/hackervshacker-file-upload-bypass-+-process-privesc.md) - [Dear QA (Linux Binary Overflow)](/dotwuts-gitbook/labs/tryhackme-labs/dear-qa-linux-binary-overflow.md) - [Mindgames (RCE Brainfuck+Python + cap\_setuid of openssl privesc)](/dotwuts-gitbook/labs/tryhackme-labs/mindgames-rce-brainfuck+python-+-cap_setuid-of-openssl-privesc.md) - [Biblioteca (SQLi + python library hijacking)](/dotwuts-gitbook/labs/tryhackme-labs/biblioteca-sqli-+-python-library-hijacking.md) - [Peak Hill (Python Pickles + decompyle .pyc + sourpickles)](/dotwuts-gitbook/labs/tryhackme-labs/peak-hill-python-pickles-+-decompyle-.pyc-+-sourpickles.md) - [WWBuddy (SQLi new way + php cmd injection + USER env var privesc)](/dotwuts-gitbook/labs/tryhackme-labs/wwbuddy-sqli-new-way-+-php-cmd-injection-+-user-env-var-privesc.md) - [toc2 (cms made simple 2.1.6 exploit + linux .c program race condition)](/dotwuts-gitbook/labs/tryhackme-labs/toc2-cms-made-simple-2.1.6-exploit-+-linux-.c-program-race-condition.md): https://github.com/sroettger/35c3ctf\_chals/blob/master/logrotate/exploit/rename.c - [VulnNet Active (Windows Redis + SMB scheduled job + SharpGPOAbuse)](/dotwuts-gitbook/labs/tryhackme-labs/vulnnet-active-windows-redis-+-smb-scheduled-job-+-sharpgpoabuse.md) - [Madeye's castle (SQLite Injection + binary exploitation for privesc)](/dotwuts-gitbook/labs/tryhackme-labs/madeyes-castle-sqlite-injection-+-binary-exploitation-for-privesc.md) - [Ghizer (Wordpress+LimeSurvey + chisel ghidra port for RCE + .py privesc)](/dotwuts-gitbook/labs/tryhackme-labs/ghizer-wordpress+limesurvey-+-chisel-ghidra-port-for-rce-+-.py-privesc.md) - [ContainMe (html path command injection + SUID privesc+lateral to container with ssh + mysql privesc)](/dotwuts-gitbook/labs/tryhackme-labs/containme-html-path-command-injection-+-suid-privesc+lateral-to-container-with-ssh-+-mysql-privesc.md) - [SafeZone](/dotwuts-gitbook/labs/tryhackme-labs/safezone.md) - [VulnNet-Internal (SMB/NFS/Rsync exploit + TeamCity Privesc)](/dotwuts-gitbook/labs/tryhackme-labs/vulnnet-internal-smb-nfs-rsync-exploit-+-teamcity-privesc.md) - [Vulnnet-Roasted (AS-REP Roasting + secretdump)](/dotwuts-gitbook/labs/tryhackme-labs/vulnnet-roasted-as-rep-roasting-+-secretdump.md) - [VulnNet: Node (Node.js deserialization + /npm privesc and services privesc)](/dotwuts-gitbook/labs/tryhackme-labs/vulnnet-node-node.js-deserialization-+-npm-privesc-and-services-privesc.md) - [Enterprise (Domain-Admin to RDP Users + PowerUp privesc)](/dotwuts-gitbook/labs/tryhackme-labs/enterprise-domain-admin-to-rdp-users-+-powerup-privesc.md) - [Fusion Corp (Get-NPUsers + rcpclient + SeBackupPrivilege privesc)](/dotwuts-gitbook/labs/tryhackme-labs/fusion-corp-get-npusers-+-rcpclient-+-sebackupprivilege-privesc.md) - [Set (users.xml + bruteforce SMB + plink + custom msfvenom module)](/dotwuts-gitbook/labs/tryhackme-labs/set-users.xml-+-bruteforce-smb-+-plink-+-custom-msfvenom-module.md): Check here as well for more info: https://f20.be/walktroughs/set.pdf - [Year of the Owl (SNMP + onesixtyone + snmpwalk + crackmapexec + RecycleBin + pwdump.py)](/dotwuts-gitbook/labs/tryhackme-labs/year-of-the-owl-snmp-+-onesixtyone-+-snmpwalk-+-crackmapexec-+-recyclebin-+-pwdump.py.md) - [Revenge (SQLi + sudoedit .service config)](/dotwuts-gitbook/labs/tryhackme-labs/revenge-sqli-+-sudoedit-.service-config.md) - [Opacity (RFI nullbyte bypass + .kdbx hash crack + pspy64 backup process LPE)](/dotwuts-gitbook/labs/tryhackme-labs/opacity-rfi-nullbyte-bypass-+-.kdbx-hash-crack-+-pspy64-backup-process-lpe.md) - [Intranet](/dotwuts-gitbook/labs/tryhackme-labs/intranet.md)