Recent Posts

HackTheBox: Administrator

8 minute read

This box is rated medium difficulty on HTB. It involves us enumerating Access Control Lists (ACLs) over privileged objects in order to pivot between several ...

HackTheBox: ServMon

9 minute read

This box is rated easy difficulty on HTB. It involves us discovering the location of a password list over anonymous FTP login, and utilizing a vulnerable NVM...

HackTheBox: Editor

9 minute read

This box is rated easy difficulty on HTB. It involves us finding a virtual host on a website running a vulnerable version of Xwiki. We can get RCE on the sys...

TryHackMe: Fusion Corp

12 minute read

This box is rated hard difficulty on THM. It involves us discovering an employee spreadsheet in a backup directory on the web server that leads to AS-REP roa...

HackTheBox: Manager

11 minute read

This box is rated medium difficulty on HTB. It involves us enumerating domain users by brute-forcing RIDs and password spraying to get valid credentials for ...

TryHackMe: Extract

11 minute read

This box is rated hard difficulty on THM. It involves us exploiting a Server-Side Request Forgery attack to enumerate an internal web server and bypassing a ...

HackTheBox: CozyHosting

10 minute read

This box is rated easy difficulty on HTB. It involves us enumerating a Spring Boot web application to find an exposed actuator endpoint which allows us to st...

TryHackMe: Ledger

12 minute read

This box is rated hard difficulty on THM. It involves us finding default credentials for domain users through LDAP anonymous binds and abusing a misconfigura...

TryHackMe: The London Bridge

11 minute read

This box is rated medium difficulty on THM. It involves us discovering an SSRF vulnerability on a website that allows for internal service enumeration. We fi...

TryHackMe: Motunui

15 minute read

This box is rated hard difficulty on THM. It involves us grabbing a network packet capture file from SMB which holds a development virtual host inside of a P...