HackTheBox: DarkZero Writeup
Hard Windows Active Directory machine featuring MSSQL linked server lateral movement across two forests, CVE-2024-30088 kernel LPE to SYSTEM, and unconstrained delegation abuse for domain takeover.
the🖊️testing.ninja
Hacking and Offensive Security Content.
HackTheBox: StreamIO Writeup
StreamIO is a medium Windows Active Directory box. SQL injection on a PHP login page leaks MD5 hashes, cracking them gets admin panel access, where a hidden debug parameter enables LFI and PHP source disclosure leading to RCE via eval(). Pivoting through MSSQL and Firefox saved credentials exposes an AD path through LAPS.
🔒 HTB: Garfield Writeup
Detailed writeup of Season 10 Hack The Box Garfield machine. 🔒 Protected Content
HackTheBox: Authority Writeup
Medium Windows Active Directory box where Ansible Vault secrets on an SMB share lead to PWM credential theft, then ESC1 ADCS abuse for domain admin.
HackTheBox: Craft Writeup
Craft is a medium Linux machine featuring a Python eval injection in a craft beer REST API, credential leakage via a self-hosted Gogs instance, and privilege escalation through HashiCorp Vault OTP SSH.
HackTheBox: VulnCicada Writeup
Windows AD machine where NFS exposes a credential in a sticky note photo, NTLM is disabled forcing Kerberos throughout, and ESC8 lets us relay the DC machine account to ADCS for a certificate-based takeover.
HackTheBox: Jeeves Writeup
A medium Windows box featuring an unauthenticated Jenkins instance, a KeePass database holding an NTLM hash, and a flag hidden inside an NTFS Alternate Data Stream.
🔒 HTB: DevArea Writeup
Detailed writeup of Season 10 Hack The Box DevArea machine. 🔒 Protected Content
HackTheBox: Media Writeup
Medium Windows box where a hiring page file upload is abused to steal an NTLMv2 hash via a Windows Media Player playlist, leading to SSH access and a SeTcbPrivilege escalation to SYSTEM.
HackTheBox: Administrator Writeup
Medium Windows Active Directory box starting with given credentials. Exploit an ACL chain to pivot accounts, crack a PasswordSafe backup, and abuse GenericWrite to Kerberoast a DCSync-capable user.
🔒 HTB: Kobold Writeup
Detailed writeup of Season 10 Hack The Box Kobold machine. 🔒 Protected Content
HackTheBox: Conversor Writeup
Conversor is a medium Linux machine featuring XSLT injection via an EXSLT file-write primitive, credential harvesting from a SQLite database, and privilege escalation through a misconfigured needrestart sudo rule.
HackTheBox: Postman Writeup
Postman is an easy Linux box featuring an unauthenticated Redis instance, SSH key injection for initial access, a crackable encrypted private key, and a Webmin RCE vulnerability for root.
HackTheBox: Trick Writeup
Trick is an easy Linux machine on HackTheBox combining DNS zone transfer enumeration, SQL injection, local file inclusion, and SMTP mail poisoning for foothold, then abusing a writable fail2ban action directory to escalate to root.
CTF: Ouro no Pescoço Revenge Writeup
Multi-stage web challenge chaining DOM poisoning, dual CSPT, a semicolon-based query parser discrepancy between Flask and Quarkus, and a Unicode SSRF bypass via furl to read and exfiltrate a server-side flag.
🔒 HTB: VariaType Writeup
Detailed writeup of Season 10 Hack The Box VariaType machine. 🔒 Protected Content
HTB: Gavel Writeup
Gavel is a medium Linux machine featuring an exposed .git repository, a creative backtick-based SQL injection, PHP rule code execution via an admin panel, and a custom YAML-driven privilege escalation.
HTB: Principal Writeup
Medium Linux box exploiting CVE-2026-29000, a critical auth bypass in pac4j-jwt using a forged PlainJWT to gain admin access, leading to RCE via SSH certificate forgery.
HackTheBox: Expressway Writeup
Easy Linux box involving UDP enumeration, IKE Aggressive Mode PSK capture and cracking, SSH foothold, and privilege escalation via CVE-2025-32462 sudo hostname bypass.
HackSmarter: City Council Writeup
Medium Windows AD box where credential capture from a trojanized app leads through Kerberoasting, NTLM theft, DPAPI extraction, and SeImpersonatePrivilege abuse to Domain Admin.
🔒 HTB: Pirate Writeup
Detailed writeup of Season 10 Hack The Box Pirate machine. 🔒 Protected Content
HackSmarter: Exception Writeup
Medium Linux box from HackSmarter. Exploit CVE-2021-22911 NoSQL injection in Rocket.Chat 3.12.1 to achieve RCE, find database credentials in a leftover backup file that works for SSH, and escalate via a misconfigured sudo rule.
🔒 HTB: Interpreter Writeup
Detailed writeup of Season 10 Hack The Box Interpreter machine. 🔒 Protected Content
HTB: Giveback Writeup
Giveback is a medium Linux machine involving a GiveWP PHP Object Injection RCE, pivoting through Kubernetes pods via chisel, exploiting PHP-CGI parameter injection, and escaping to root via a runc wrapper misconfiguration
HackSmarter: GitOops Writeup
A medium-difficulty HackSmarter lab where a public Gitea instance leaks a Terraform state file from a misconfigured S3 bucket, exposing an SSH private key and enabling an Atlantis RCE chain to root.
HTB: Soulmate Writeup
A Linux box featuring CrushFTP exploitation, credential discovery in Erlang configuration files, and privilege escalation through an Erlang SSH daemon allowing arbitrary command execution as root.
🔒 HTB: WingData Writeup
Detailed writeup of Season 10 Hack The Box WingData machine. 🔒 Protected Content
HTB: Signed Writeup
A Windows Active Directory box involving SQL Server authentication relay attacks, Kerberos ticket forging, and NTLM reflection to achieve SYSTEM access through creative pivoting techniques.
🔒 HTB: Pterodactyl Writeup
Detailed writeup of Season 10 Hack The Box Pterodactyl machine. 🔒 Protected Content
HTB: CodePartTwo Writeup
CodePartTwo is an easy-difficulty Linux machine featuring a vulnerable JavaScript execution sandbox that can be escaped to gain initial access, followed by weak credential recovery and privilege escalation through backup utility manipulation.
HackSmarter: StellarComms Writeup
Step-by-step guide for StellarComms, a medium Active Directory box on HackSmarter. We exploit DACL misconfigurations and perform advanced credential recovery.
HTB: Imagery Writeup
Imagery is a medium-difficulty Linux box where blind XSS leads to admin access, file traversal leaks source code, command injection gains a shell, and a sudo-abused backup tool escalates to root.
OSCP Certification: Review
My journey to earning the OSCP: How I scored 100 points in just 7 hours. This review covers my preparation, the exam environment, and crucial success tips.
HTB: Browsed Writeup
Browsed is a medium-difficulty Linux machine that begins with a browser extension upload portal. By discovering an internal Gitea instance through SSRF and exploiting a bash arithmetic injection vulnerability in a routine script, we gain initial access. Privilege escalation is achieved through Python bytecode cache poisoning to execute code as root.
HTB: Voleur Writeup
Voleur is a medium-difficulty Active Directory machine featuring password-protected Excel files, targeted Kerberoasting via WriteSPN abuse, AD object restoration, DPAPI credential extraction, and privileged access through WSL-accessible domain backups.
HackSmarter: Welcome Writeup
A complete writeup of the HackSmarter 'Welcome' machine. Learn about Active Directory privilege escalation, PDF cracking, and ADCS certificate abuse.
APISEC-CON CTF May 2025 - Writeups
Solutions for the API security challenges featured in the APISEC-CON CTF (May 2025). I cover broken object-level authorization and complex API vulnerability.
BSCP Certification: Review
Reviewing the Burp Suite Certified Practitioner (BSCP) exam. Learn the best strategies for using Burp Suite Professional to pass this rigorous web cert exam.
b01lersc CTF 2025 - Web Writeup
Detailed write-up for two challenging web tasks from b01lersc CTF 2025. I break down the exploitation chain from discovery to obtaining the final flag easily.
HTB Cyber Apocalypse 2025 - AI Challenges
Exploring the AI category in the HTB Cyber Apocalypse 2025 CTF. This write-up covers prompt injection and model manipulation challenges with step-by-step logic.
HTB Cyber Apocalypse 2025 - Web Challenges
Comprehensive solutions for the Web challenges during the HTB Cyber Apocalypse 2025 CTF. Learn about modern web vulnerabilities and bypasses used in the event.
APISEC CTF 2025 - Writeup
A detailed walkthrough of the APISEC CTF 2025, featuring the 'One Request to Rule Them All' challenge. Includes a full video guide and technical methodology.
CBBH/CWES Certification: Review
A deep dive into the Hack The Box CBBH, now CWES certification. Explore my preparation strategy, exam difficulty review, and advice for aspiring web testers.
CAPenX Certification: Review
My comprehensive review of the SecOps Group CAPenX certification. I share my exam experience, study resources, and essential tips for passing on your first try.
Welcome to my blog 👋
Welcome to my cybersecurity blog! Join me as I document my journey through certifications, CTFs, and lab walkthroughs while sharing technical insights daily.