Recent Posts

TryHackMe: Dogcat

6 minute read

This box is rated medium difficulty on THM. It involves us exploiting a PHP web application via LFI to gain Remote Code Execution by poisoning access logs. T...

HackTheBox: Networked

8 minute read

This box is rated easy difficulty on HTB. It involves us bypassing file upload filters to get a shell on the box as Apache, exploiting a vulnerable cronjob t...

HackTheBox: Editorial

8 minute read

This box is rated easy difficulty on HTB. It involves us using an SSRF vulnerability within the site’s upload feature to fuzz for internal APIs. In doing, so...

HackTheBox: Pandora

8 minute read

This box is rated easy difficulty on THM. It involves us gathering plaintext credentials via SNMP to get a shell on the system, port forwarding an internal w...

TryHackMe: Rabbit Hole

10 minute read

This box is rated hard difficulty on THM. It involves us finding out that a web application is vulnerable to Second-Order SQL injection, which could be used ...

TryHackMe: CupidCards

14 minute read

This box is rated hard difficulty on THM and is apart of the advanced track in the Love at First Breach ‘26 event. It involves us getting LFI/RCE in the webs...

HackTheBox: Broker

5 minute read

This box is rated easy difficulty on THM. It involves us guessing default credentials on a webserver to disclose what version of ActiveMQ is running. Looking...

HackTheBox: Cascade

10 minute read

This box is rated medium difficulty on THM. It involves us enumerating LDAP to find that a user’s account contains a legacy password attribute that we can us...

TryHackMe: Rocket

17 minute read

Box link– https://tryhackme.com/room/rocket

TryHackMe: Exfilibur

9 minute read

This box is rated hard difficulty on THM. It involves us exploiting a web application built with BlogEngine to get a reverse shell through three CVEs. Once o...