Feb 17 · 3 min read · ReactOOPS is a web-focused challenge that demonstrates how modern JavaScript frameworks can introduce critical backend vulnerabilities when misconfigured. In this walkthrough, we enumerate a Next.js application, identify a vulnerable React Server Com...
Feb 12 · 5 min read · Crocodile is a beginner-friendly Linux room that focuses on fundamental enumeration techniques, including Nmap scanning, anonymous FTP access, and directory brute forcing. In this walkthrough, we will take a structured approach to identifying exposed...
Feb 10 · 3 min read · This write-up follows the same format and structure as my previous articles, combining short theoretical questions with a practical walkthrough to demonstrate how a misconfigured MySQL/MariaDB service can expose sensitive data. Task 1 During our sca...
Feb 8 · 3 min read · This article focuses on identifying and exploiting a misconfigured Redis service using the Redeemer room on HackTheBox. It combines essential theory with hands-on enumeration to show how exposed Redis instances can leak sensitive data. Task 1 Which ...
Feb 7 · 3 min read · This blog post documents my complete walkthrough of the Meow box on HackTheBox, from the theoretical questions to the practical enumeration phase. The goal was to practice a basic telnet login for beginners. This is part of the “Starting Point” found...
Jan 27 · 5 min read · Core Skills for IT Technicians, Network Engineers, Defenders & Pentesters Introduction Every system tells a story. Not in logs. Not in dashboards. But on the wire. Every login, every file transfer, every scan, every misconfiguration — legitimate or mal...
Jul 15, 2025 · 2 min read · Recently, I completed the Seasonal HTB machine "Outbound" and wanted to document my journey and methodology — without spoiling anything for others who want to take on the challenge themselves. So let’s start: As always, I began with a full port scan a...
Feb 18, 2024 · 9 min read · This is the write-up for the Builder machine from Hack The Box. This machine is based on the recent Jenkins Arbitrary File Read vulnerability noted on CVE-2024-23897. Enumeration We start executing a full port scan on the host. ─[us-vip-8]─[10.10.14....