Latest Blog Posts
Trick Writeup - Hack The Box
Exploiting SQL injection, DNS enumeration and LFI for initial access, then leveraging fail2ban configuration for privilege escalation
Read more
MetaTwo Writeup - Hack The Box
Exploiting SQL injection and XXE vulnerabilities for initial access, followed by password cracking and PGP key cracking for privilege escalation
Read more
Delivery Writeup - Hack The Box
Exploiting osTicket email forwarding and Mattermost registration for initial access, then cracking bcrypt password hashes with custom wordlists for privilege escalation
Read more
Soccer Writeup - Hack The Box
Exploiting file upload and blind SQL injection via WebSocket for initial access, then abusing SUID permissions for privilege escalation
Read more
Union Writeup - Hack The Box
Exploiting UNION-based SQL injection for data extraction and credential discovery, then leveraging command injection via HTTP headers for privilege escalation
Read more