YPYogesh Peelainexploitnotes.hashnode.dev·2d ago · 13 min readHackTheBox: Delegate WriteupSummary Delegate is an Active Directory box built around a chain of AD misconfigurations rather than a single bug. Anonymous/guest SMB access leaks a logon script (users.bat) on the NETLOGON share con00
YPYogesh Peelainexploitnotes.hashnode.dev·2d ago · 35 min readHackTheBox: Phantom WriteupExecutive Summary Phantom is an Active Directory box where the entire path from unauthenticated guest to Domain Admin comes down to credential reuse and secrets sitting in accessible file shares. Ther00
YPYogesh Peelainexploitnotes.hashnode.dev·Jul 4 · 10 min readHackTheBox: Watcher WriteupSummary Watcher is a Linux box built around a self-hosted Zabbix monitoring stack. The front door isn't a permissions misconfig at all - it's a real Zabbix CVE (CVE-2024-22120), a time-based blind SQL00
YPYogesh Peelainexploitnotes.hashnode.dev·Jul 4 · 18 min readHackTheBox: Phoenix WriteupSummary Phoenix is a WordPress box with a long, winding path to root. The short version: an unauthenticated SQL injection in a forum plugin leaks the whole WordPress database, which gives admin creden00
YPYogesh Peelainexploitnotes.hashnode.dev·Jul 2 · 7 min readHackTheBox: vulnEscape WriteupSummary Escape is a Windows box that exposes only RDP (3389). The RDP session drops you into a locked-down kiosk account (KioskUser0) meant for a "Conference Display" app. The box is solved entirely t00