YPYogesh Peelainexploitnotes.hashnode.dev·2d ago · 5 min readHackTheBox: Postman WriteupSummary Postman is an easy-rated Linux machine on HackTheBox. The box exposes an unauthenticated Redis instance that allows writing an SSH public key to the redis user's .ssh directory, granting initi00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 16 · 9 min readHackTheBox - Snapped WriteupDifficulty: Medium OS: Linux Tags: nginx-ui CVE-2026-27944 backup-disclosure bcrypt snapd CVE-2026-3888 race-condition suid privilege-escalation Reconnaissance We begin with a standard nmap scan to 00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 16 · 7 min readTryHackMe - NerdHerd writeupPlatform: TryHackMeDifficulty: EasyOS: Linux Reconnaissance Nmap nmap -sC -sV -p- -A MACHINE_IP -oA nmap Open ports: 21/tcp — vsftpd 3.0.3 (Anonymous FTP allowed) 22/tcp — OpenSSH 7.2p2 (Ubuntu) 00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 15 · 3 min readTryhackme - Library WriteupPlatform: TryHackMeDifficulty: EasyOS: Linux Reconnaissance Nmap nmap -sC -sV -A MACHINE_IP -oA nmap Open ports: 22/tcp — OpenSSH 7.2p2 (Ubuntu) 80/tcp — Apache 2.4.18, title: Welcome to Blog - Li00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 13 · 10 min readTryHackMe - VulnNet WriteupPlatform: TryHackMeDifficulty: Medium Reconnaissance Nmap nmap -sC -sV -A MACHINE-IP -oA nmap Starting Nmap 7.98 at 2026-06-12 06:47 -0400 Nmap scan report for 10.49.133.153 Host is up (0.075s lat00
RPRebika Parajuliinpico-ctf.hashnode.dev·Jun 12 · 3 min readkeygenme-py | CyLab Security Academy (PicoCTF)keygenme-py is a Medium level ctf challenge in the reverse engineering domain. A python script with no instructions in present in this challenge. A file named keygenme-trial.py is provided. Upon downl00
JTJeff Tonginwind010.hashnode.dev·Jun 12 · 13 min readDeeper Malware Binary AnalysisWe've setup the docker container with disassemblers like radare2 in the previous post. Separation of Concerns I'm going to use radare2 to slice out by offset/size from the header. We used file and obj00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 12 · 7 min readTryHackMe - Fusion Corp WriteupPlatform: TryHackMeDifficulty: Easy Reconnaissance Nmap nmap -sC -sV -A MACHINE-IP -oA nmap The scan immediately tells us this is a Domain Controller — port 88 (Kerberos), 389/3268 (LDAP), and 5985 00
RPRebika Parajuliinpico-ctf.hashnode.dev·Jun 12 · 2 min readFirst Grep | CyLab Security Academy (PicoCTF)First Grep is a General Skill, easy challenge intending on the use of Grep tool. We are provided with the following details along with a file containing flag. Can you find the flag in the file? This w00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 8 · 4 min readIceman - dalCTF 2026Flag: dalctf2026{open-ticket-send-me-ur-fav-song-in-album6}Category: Web / GraphQL / JWT Overview A music-themed GraphQL API protected by JWT-based tier access control. The goal was to escalate from 00
