Share
## https://sploitus.com/exploit?id=92CD8C12-9B27-5E8C-80D6-4B3748B30BC7
# VulnHub Writeups

**Author:** Roman Mares  
**Company:** [Delta Force Security LLC](https://romanm24.github.io/deltaforce-soc-ai) — Phoenix, AZ  
**Education:** AAS Cybersecurity + Linux Administration — Scottsdale Community College  
**GitHub:** [Romanm24](https://github.com/Romanm24) | **LinkedIn:** [roman-mares-](https://linkedin.com/in/roman-mares-)

---

## Overview

Detailed penetration testing writeups for VulnHub virtual machines, documenting the complete attack chain from initial reconnaissance through privilege escalation to root flag capture. Each writeup follows an OSCP/PNPT-style methodology and includes remediation recommendations written from a **SOC analyst perspective**.

These writeups demonstrate hands-on skills in:
- Network and web application reconnaissance
- Service exploitation and web app attacks (SQLi, file upload bypass)
- Steganography and OSINT
- Linux privilege escalation (sudo abuse, SUID, cron, PATH hijacking)
- Defensive hardening recommendations per finding

---

## Machines

| Machine | Difficulty | Key Techniques | Root |
|---------|------------|----------------|------|
| [Mercury](./mercury/writeup.md) | Easy | Web enum, Django SQLi, credential extraction, sudo vim | ✅ |
| [Deathnote](./deathnote/writeup.md) | Easy | WordPress enum, steganography, sudo nano escape | ✅ |
| [PowerGrid](./powergrid/writeup.md) | Intermediate | Multi-VM pivot, GPG decryption, cron job abuse | ✅ |
| [The Grid](./the-grid/writeup.md) | Intermediate | SQLi, hash cracking, file upload bypass, SUID python3 | ✅ |

---

## Methodology

```
1. Reconnaissance   →  nmap, netdiscover, passive OSINT
2. Enumeration      →  gobuster, nikto, wpscan, enum4linux
3. Exploitation     →  manual + tool-assisted
4. Post-Exploit     →  linpeas, sudo -l, SUID/GUID, cron audit
5. PrivEsc          →  sudo misconfig, SUID abuse, cron, kernel
6. Hardening        →  CVE mapping, remediation per finding
```

---

## Tools Referenced

`nmap` · `gobuster` · `nikto` · `wpscan` · `hydra` · `linpeas` · `metasploit` · `burp suite` · `steghide` · `hashcat` · `john` · `python3` · `netcat` · `proxychains`

---

## SOC Platform

These writeups support ongoing security research published at **[Delta Force SOC AI](https://romanm24.github.io/deltaforce-soc-ai)**.

---

> *All machines are hosted on VulnHub or in isolated local lab environments. Content is strictly for educational and professional development purposes.*