Recent Posts

HackTheBox: Flight

12 minute read

This box is rated hard difficulty on HTB. It involves LFI, NTLM theft, password spraying, uploading reverse shells, plenty of enumeration, port forwarding, a...

HackTheBox: Cicada

6 minute read

This box is rated easy difficulty on THM. It involves using Guest authentication to discover a default password on an SMB share, finding more passwords throu...

HackTheBox: Usage

7 minute read

This box is rated easy difficulty on HTB. It involves us exploiting SQL injection to dump a web application’s database and sign in as an Administrator. Then ...

HackTheBox: Keeper

5 minute read

This box is rated easy difficulty on HTB. It involves us logging into a ticket support site with default credentials which leads to grabbing a plaintext pass...

Masterpiece

6 minute read

This is vulnerable machine was a side project of mine that also served as great practice for Python, web exploitation, and Linux privilege escalation techniq...

HackTheBox: Jeeves

6 minute read

This box is rated medium difficulty on HTB. It involves us grabbing a reverse shell by using Jenkins’ script console, decrypting a KeePass database file to g...

TryHackMe: Kitty

9 minute read

This box is rated medium difficulty on THM. It involves us exploiting a blind-based SQL injection to dump user credentials on the website. Doing so rewards u...

HackTheBox: Magic

7 minute read

This box is rated medium difficulty on HTB. It involves us bypassing both a login page via SQL injection and a file upload filter by manipulating magic bytes...

HackTheBox: Builder

4 minute read

This box is rated medium difficulty on HTB. It involves us exploiting a vulnerable Jenkins application to read files on the server. Parsing XML files grants ...

TryHackMe: Olympus

10 minute read

This box is rated medium difficulty on THM. It involves us exploiting a SQL injection in an old CMS site, which leads to dumping user credentials. Using a re...