Rainbow is a medium difficulty machine that involves a SEH-based buffer overflow for user and a UAC bypass for root. User PORT STATE SERVICE 21/tcp open ftp 80/tcp open http 135/tcp op...

We are going to solve Developer, a pretty hard Linux machine on HackTheBox. It involves Cross-Site-Scripting, Tab Nabbing & reversing a rust binary. XSS Trigger jaVasCript:/*-/*`/*\`/*'/*"...

I always had difficulties understanding what Silver Tickets are and how they are used. Maybe this comes from the fact that they are rarely seen in labs. They can be really powerful though, so I’ll ...

We are solving Previse, an easy linux machine on HackTheBox that involves a Command Injection Path Hijacking.

This is a short walkthrough on Lustrous, a chain consisting of 2 machines on vulnlab. The main lesson on this chain is to demonstrate how silver tickets can be used with service accounts in a Activ...

Background On December 10th, 2021 the Log4Shell vulnerability, a “0-day” exploit in log4j2 appeared on Twitter. In this post, we will explore how to exploit it with LDAP in a lab environment. In o...

We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes. For root, we will abuse GPO Permissions and explore 2 unintended privilege esc...

We are solving intelligence, a nice Windows machine on HackTheBox, created by Micah. For user, we will enumerate pdfs on a webserver & will use both the content & metadata to find valid cre...

We are solving Hutch from PG-Practice. For user, we will get credentials from LDAP & use them to upload a web shell via Webdav. For root, we will read a LAPS password for the intended way &...

We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some Reverse Engineering, MSSQL, and Active Directory Attacks like Kerberoasting, ASREPRoasting, and various mis...