Recent posts

HackTheBox Writeup: Mango

Mango was a medium difficulty Linux machine in which a NoSQL injection was used to enumerate credentials for initial SSH access. A SUID java binary was then exploited to write to root's authorized_

HackTheBox Writeup: Traverxec

Traverexec was an easy rated Linux box which was great for beginners. A vulnerability in the Nostromo http server was exploited for initial access. A weak password used to protect a backup of

HackTheBox Writeup: Registry

Registry was a hard rated Linux machine that was a bit of a journey but a lot of fun for me. The initial foothold was gained by taking advantage of a weak password

HackTheBox Writeup: Sniper

Sniper was a medium rated Windows machine that relied on a RFI vulnerability to load an attacker-hosted php webshell which could be used to obtain a low privileged shell on the machine. From

HackTheBox Writeup: Forest

Forest was an easy rated Windows machine and was a great opportunity for me to practice attacks I had only read about up until now. The initial foothold was gained by enumerating user