NINeville Iregiinm0ng00s3-blog.hashnode.dev·May 5 · 9 min readHack The Box: PennyworthPennyworth is a Linux machine that focuses on exploiting weak credentials and remote command execution in. Default credentials can be used to get administrative access into Jenkins with which the Scri00
Rrecca0120inrecca0120.hashnode.dev·Apr 21 · 3 min readreverse_ssh: Manage Reverse Shells With Native SSH Syntax, No VPN RequiredOriginally published at recca0120.github.io You need to connect to a machine behind NAT with no public IP and inbound traffic blocked. The usual answers are VPN or ngrok-style tunnels, but both require setup on the target. reverse_ssh has the target ...00
NINeville Iregiinm0ng00s3-blog.hashnode.dev·Mar 21 · 12 min readHack The Box Lab: ThreeOrganizations of every type, size, and industry are using the cloud for a wide variety of use cases, such as data backup, storage, disaster recovery, email, virtual desktops, software development and 00
VNVũ Nhật Lâminblog.fiscybersec.com·Dec 8, 2025 · 8 min readPhân tích chiến dịch tấn công Tomiris 2025 – Báo cáo kỹ thuật chi tiếtTrong quá trình theo dõi nhóm APT Tomiris, chúng tôi đã phát hiện một loạt chiến dịch tấn công mới bắt đầu từ đầu năm 2025. Các hoạt động này nhắm vào các bộ ngoại giao, tổ chức liên chính phủ, và cơ quan nhà nước, cho thấy mục tiêu rõ ràng là cơ sở ...00
JSJonas Satkauskasincyberjourney.eu·Oct 20, 2025 · 4 min readHTB CPTS: Study session (Transferring files, Knowledge sources, Vulnerable Machines and apps, Reverse shell)Transferring files During any penetration testing exercise, it is likely that we will need to transfer files to the remote server. There are few options for this: One method is running a Python HTTP server on our machine and then using wget or cUR...00
SSShaikh Shafeeninkurtnettle.hashnode.dev·Aug 9, 2025 · 2 min readShell Upload | Task 6Problem Statement Prerequisites Network fundamentals (IP addresses, ports) netcat (basics like creating simple server) Familiarity in using a reverse shell Solution Our goal is to execute/run the shell on the server somehow, so how can we do it...10
BBradinbradoncloud009.hashnode.dev·Jul 30, 2025 · 2 min readR.A.V.E.N. Exploit Walkthrough: Rooting GetSimpleCMS via Theme Template InjectionWelcome to another breakdown in the R.A.V.E.N. series — a branded, modular approach to privilege escalation. Today, we're dissecting a black box engagement on HTB’s “GetSimple” machine, where remote exploitation leads to root access through theme tem...00
EFElizabeth Fallstaringhosthermes.hashnode.dev·Jul 4, 2025 · 2 min read“Oops, All Vulnerabilities!” Hackthebox Starting Point Oopsie 2025 writeupOopsie: When Access Control is a Suggestion Let’s set the scene: it’s a Friday in 2025, the world’s still spinning, and I’m jacked into the HackTheBox VPN, ready to see what fresh horrors await in the Oopsie lab. The name alone suggests someone, some...00
JJebitokinsharonjebitok.com·Jul 1, 2025 · 4 min readChallenges: LazyAdmin (TryHackMe)In this walkthrough, we exploit a vulnerable machine titled Lazy Admin on TryHackMe. The target is running a SweetRice CMS instance with known vulnerabilities. Our objectives are to gain user-level access and ultimately escalate privileges to retriev...00
EFElizabeth Fallstaringhosthermes.hashnode.dev·Jun 29, 2025 · 4 min readHow I Used Perplexity AI Spaces on Kali Purple to Master Hack The Box ChallengesIntroduction Self-learning cybersecurity is a gauntlet of frustration and revelation. Traditional resources—endless forums, scattered documentation, and YouTube rabbit holes—often leave you stranded at the first error message or cryptic tool output. ...00
