Blog archive
30 published posts.
-
HTB Writeup - Freelancer
**No Spoilers Hints** - Registration flows reveal more than they should. - Look for admin tooling and backend trust mistakes. Enumeration We start off with a...
-
HTB Writeup - Cicada
**No Spoilers Hints** - Start with SMB and read-only shares. - Directory data leaks more than the login screen. Enumeration As usual, we start off with an nm...
-
HTB Writeup - Caption
**No Spoilers Hints** - Git hosting and SQL tooling both deserve attention. - Internal services sit behind a trust boundary. Enumeration As usual, we start o...
-
HTB Writeup - Gobox
**No Spoilers Hints** - Template rendering deserves a closer look. - Go-based services often hide surprising injection paths. Enumeration As per usual, we st...
-
HTB Writeup - Sightless
**No Spoilers Hints** - The first foothold is a browser-based SQL tool. - Local-only services and admin panels matter later. Enumeration As usual, we start o...
-
HTB Writeup - Blurry
**No Spoilers Hints** - The web app wants local setup before anything useful. - Look closely at ML tooling and model handling. Enumeration As usual, we start...
-
HTB Writeup - Trickster
**No Spoilers Hints** - Source control leaks the important admin path. - Containerized tooling hides the real privilege boundary. Enumeration As usual, start...
-
HTB Writeup - Instant
**No Spoilers Hints** - The mobile app is part of the attack surface. - Inspect the APK, not just the website. Enumeration As usual, we start off with an nma...
-
HTB Writeup - Grandpa
**No Spoilers Hints** - Old IIS-era web servers deserve immediate scrutiny. - Classic web-server CVEs fit this box. Enumeration As usual, we start off with a...
-
HTB Writeup - Paper
**No Spoilers Hints** - WordPress is only the start here. - Linux service abuse appears later in the chain. Enumeration Let's start off with an nmap scan as...
-
HTB Writeup - Sau
**No Spoilers Hints** - Proxying requests to localhost opens the real target. - A sudo pager can become a shell. Enumeration As usual, we start off with an n...
-
HTB Writeup - Buff
**No Spoilers Hints** - A flaky local service can break the whole chain. - Restarting can bring the missing piece back. Hints 1. There is something in this b...
-
HTB Writeup - Traverxec
**No Spoilers Hints** - A vintage web server exposes home-directory content. - Configuration files and user-owned archives matter. Enumeration As usual, we s...
-
HTB Writeup - Traceback
**No Spoilers Hints** - Hidden comments point to the real entry point. - Watch for login-time scripts and writable MOTD files. Enumeration As usual, we start...
-
HTB Writeup - Precious
**No Spoilers Hints** - Rendered documents are the weak link. - Watch where URLs become PDFs. Enumeration As usual, we start with an nmap scan to get a listi...
-
HTB Writeup - Knife
**No Spoilers Hints** - Version-specific PHP behavior is the key clue. - Check scheduled tasks and sudo allowances after entry. Enumeration As usual, we star...
-
HTB Writeup - Greenhorn
**No Spoilers Hints** - Look for reused secrets in the web app. - CMS plugins and local services both matter. Enumeration As usual, we start off with an nmap...
-
HTB Writeup - MonitorsThree
**No Spoilers Hints** - The monitoring stack leaks useful application context. - Internal backup tooling becomes relevant later. Enumeration As usual, we sta...
-
HTB Writeup - Cap
**No Spoilers Hints** - Packet captures can leak the first breadcrumb. - Capability scans matter more than SUID here. Hints Enumeration As usual, we start wi...
-
HTB Writeup - Nibbles
**No Spoilers Hints** - Old blog software and plugin paths are important. - Local privilege checks finish the job. Hints - Ensure that you are enumerating th...
-
HTB Writeup - Devel
**No Spoilers Hints** - FTP and web content share the same writable surface. - Think legacy Windows web-service flaws after that. Enumeration nmap to start o...
-
HTB Writeup - Bashed
**No Spoilers Hints** - Hunt the developer-only path hidden from normal browsing. - A scheduled script changes hands in a writable directory. Enumeration We...
-
HTB Writeup - Legacy
**No Spoilers Hints** - Old Windows networking is the whole story. - A classic SMB-era flaw fits the banner. Enumeration We start with an nmap as usual: We s...
-
HTB Writeup - Optimum
**No Spoilers Hints** - Simple file-serving software is the real target. - Banner versioning points to a classic Windows flaw. Enumeration We start with an n...
-
HTB Writeup - Blue
**No Spoilers Hints** - SMB versioning tells you almost everything here. - Patch-level Windows flaws beat brute-force enumeration. Background Just from the n...
-
HTB Writeup - Netmon
**No Spoilers Hints** - Monitoring software often stores sensitive configuration. - FTP and web management should both be checked. Enumeration We start of wi...
-
HTB Writeup - IClean
**No Spoilers Hints** - Template rendering and serialization both deserve scrutiny. - Configuration files may reveal the useful pivot. Enumeration Firstly, w...
-
HTB Writeup - Runner
**No Spoilers Hints** - CI/CD infrastructure is the real attack surface. - Backup and container features both matter. Enumeration As usual, we start off with...
-
HTB Writeup - Cascade
**No Spoilers Hints** - Null sessions still matter on this domain controller. - Shares and directory services hide the first clues. Breaking In Starting off...
-
AI and the Primates That Forgot How to Make Fire
AI and the primates that forgot how to make fire There's no denying that AI is an incredibly disruptive technology. Disruptive. Or whatever fancy words marke...