YPYogesh Peelainexploitnotes.hashnode.dev·Jul 4 · 18 min readHackTheBox: Phoenix WriteupSummary Phoenix is a WordPress box with a long, winding path to root. The short version: an unauthenticated SQL injection in a forum plugin leaks the whole WordPress database, which gives admin creden00
YPYogesh Peelainexploitnotes.hashnode.dev·Jul 2 · 11 min readHackTheBox: Manage WriteupSummary Manage is a Linux box built around an exposed Java RMI / JMX service running alongside an Apache Tomcat 10.1.19 web server. The JMX endpoint had no authentication configured, which allowed a r00
YPYogesh Peelainexploitnotes.hashnode.dev·Jul 1 · 9 min readHackTheBox: Reset WriteupSummary Reset is a Linux box built around a chain of web application logic flaws and a legacy authentication misconfiguration. Initial access starts with a password reset endpoint that leaks the new a00
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 27 · 18 min readHackTheBox: FireFlow WriteupExecutive Summary FireFlow is a Linux machine running a fictional "Task Force Nightfall" intelligence platform. The web application exposes a Langflow instance (flow.fireflow.htb) with a public flow p00
JSJacob Strixinegnworks.hashnode.dev·Jun 20 · 6 min readCVE-2026-33017 Unauthenticated RCE in Langflow and the 20 Hour ExploitOriginally published on Egnworks. Langflow versions before 1.9.0 expose an unauthenticated remote code execution flaw in the public flow build endpoint. An attacker who sends a single crafted POST re20
YPYogesh Peelainexploitnotes.hashnode.dev·Jun 20 · 7 min readHackTheBox: Bamboo WriteupSummary Bamboo is a HackTheBox machine that chains together a Squid proxy pivot, an authentication bypass in PaperCut NG (CVE-2023-27350), and a PATH hijack privilege escalation to reach root. The exp00
VNVũ Nhật Lâminblog.fiscybersec.com·Jun 9 · 10 min readCVE-2026-5426 — KnowledgeDeliver Exploited as a Zero-Day via ViewState DeserializationSummary CVE-2026-5426 lets an unauthenticated attacker achieve OS-level remote code execution (RCE) on any internet-facing KnowledgeDeliver instance with a single HTTP request. The root cause is not a00
SGShiva Gaireindev.shivagaire.com.np·May 22 · 12 min readHow a fake client's project tried to hack my machine with RCESomeone messaged me on LinkedIn pitching a project idea. The repo he sent had a remote code execution backdoor in it. This is what it did and how I survived the linkedin lead that turned malicious wit00
TTuannqinblogs.night-wolf.io·May 21 · 11 min readFrom Privilege Escalation to RCE in Wiki.jsI was poking around Wiki.js 2.5.312 one afternoon — as one does — when I found two vulnerabilities that chain together beautifully to turn a wiki moderator into a root shell. One report got accepted. 10
JJebitokinsharonjebitok.com·May 6 · 14 min readPlant Photographer (TryHackMe)Plant Photographer is a TryHackMe challenge built around a botanist's personal portfolio website running on Werkzeug/Python. The box covers three main vulnerability classes: SSRF (Server-Side Request 00