Share
## https://sploitus.com/exploit?id=92CD8C12-9B27-5E8C-80D6-4B3748B30BC7
# VulnHub Writeups
**Author:** Roman Mares
**Company:** [Delta Force Security LLC](https://romanm24.github.io/deltaforce-soc-ai) — Phoenix, AZ
**Education:** AAS Cybersecurity + Linux Administration — Scottsdale Community College
**GitHub:** [Romanm24](https://github.com/Romanm24) | **LinkedIn:** [roman-mares-](https://linkedin.com/in/roman-mares-)
---
## Overview
Detailed penetration testing writeups for VulnHub virtual machines, documenting the complete attack chain from initial reconnaissance through privilege escalation to root flag capture. Each writeup follows an OSCP/PNPT-style methodology and includes remediation recommendations written from a **SOC analyst perspective**.
These writeups demonstrate hands-on skills in:
- Network and web application reconnaissance
- Service exploitation and web app attacks (SQLi, file upload bypass)
- Steganography and OSINT
- Linux privilege escalation (sudo abuse, SUID, cron, PATH hijacking)
- Defensive hardening recommendations per finding
---
## Machines
| Machine | Difficulty | Key Techniques | Root |
|---------|------------|----------------|------|
| [Mercury](./mercury/writeup.md) | Easy | Web enum, Django SQLi, credential extraction, sudo vim | ✅ |
| [Deathnote](./deathnote/writeup.md) | Easy | WordPress enum, steganography, sudo nano escape | ✅ |
| [PowerGrid](./powergrid/writeup.md) | Intermediate | Multi-VM pivot, GPG decryption, cron job abuse | ✅ |
| [The Grid](./the-grid/writeup.md) | Intermediate | SQLi, hash cracking, file upload bypass, SUID python3 | ✅ |
---
## Methodology
```
1. Reconnaissance → nmap, netdiscover, passive OSINT
2. Enumeration → gobuster, nikto, wpscan, enum4linux
3. Exploitation → manual + tool-assisted
4. Post-Exploit → linpeas, sudo -l, SUID/GUID, cron audit
5. PrivEsc → sudo misconfig, SUID abuse, cron, kernel
6. Hardening → CVE mapping, remediation per finding
```
---
## Tools Referenced
`nmap` · `gobuster` · `nikto` · `wpscan` · `hydra` · `linpeas` · `metasploit` · `burp suite` · `steghide` · `hashcat` · `john` · `python3` · `netcat` · `proxychains`
---
## SOC Platform
These writeups support ongoing security research published at **[Delta Force SOC AI](https://romanm24.github.io/deltaforce-soc-ai)**.
---
> *All machines are hosted on VulnHub or in isolated local lab environments. Content is strictly for educational and professional development purposes.*