We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack. Notes Reads https://nathandavison.com/blog/ha...

On a recent video someone asked a good question in the comments about why we can shutdown a box when our user has SeShutdownPrivilege listed as disabled: whoami /all ... Privilege Name ...

We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we’ll do that one manually instead ...

This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy it through burp to find some credentials, which we can then use on an API en...

This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium php backdoor and using “sudo knife” to become root.

AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of a web application and uploading a PHP web shell. For root, we’ll exploit the SeImpers...

User We start our exploration by running a full portscan: nmap -sV -sC proper.htb PORT STATE SERVICE VERSION 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-head...

We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox. Notes Websocket Proxy Author: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html from ht...

We are solving TheNotebook, a 30-point Machine on HackTheBox where we’ll modify a JWT Token, upload a PHP-Webshell and use a Docker CVE to escalate privileges.

We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting “sudo sna...