HackTheBox Writeups
Overview DarkCorp is a multi-layered Windows domain penetration test involving initial web vulnerabilities including Roundcube Webmail XSS (CVE-2024–42008), SQL Injection on an internal service to extract Linux credentials, lateral movement via SSH and VPN tunneling, Active Directory enumeration, Kerberos bruteforce, Group Policy Object (GPO) abuse for privilege escalation, and
HackTheBox Writeups
Welcome to Guardian (HTB), the university where passwords are weaker than cafeteria coffee. In this thrilling adventure, we’ll go from being a freshman student with identified creds → to hijacking lecturers → impersonating admins → and finally crowning ourselves the Root Principal. 🎓👑 🎬 Act 1 – Enrollment Day (Initial Foothold) Every heist starts with
HackTheBox Writeups
The Matchmaker’s Journal September 07, 2025 – Somewhere deep in the binary alleys of the cyber-dating world, you’ve been invited to play Cupid. But beware—this dating app doesn’t just break hearts, it breaks servers. And today, you’ll unmask them all. 1. Setting the Stage: Reconnaissance You
HackTheBox Writeups
Welcome, brave digital explorer! This is HackNet HTB retold that teaches you why each step works, including every single command and code snippet. Think of it as a sitcom with a side of hacking. Difficulty: beginner → intermediate (web app logic, template injection, cache shenanigans, GPG magic) Prologue: The Release Day
News
Machine IP: 10.10.11.90 Difficulty: Medium Target OS: Windows Reconnaissance Phase Initial Port Scanning — Deep Dive The reconnaissance phase is the foundation of any penetration test. We used Nmap with aggressive scanning options to perform comprehensive service enumeration: nmap -p 1-65535 -T4 -A -v 10.10.11.90
HackTheBox Writeups
Difficulty: Hard Target IP: 10.10.11.89 Attack Vector: MSSQL Linked Server Exploitation → Internal Network Pivoting → Kerberos Credential Theft 🎯 Overview DarkZero presents a sophisticated Active Directory environment with two separate domains connected via trust relationships. The attack chain involves exploiting MSSQL linked server misconfigurations, pivoting into an internal network
HackTheBox Writeups
Machine Information Attribute Details Machine Name Imagery IP Address 10.10.11.88 Difficulty Medium Operating System Linux (Ubuntu) Key Techniques XSS, Cookie Stealing, LFI, RCE, AES Cracking, Privilege Escalation Table of Contents 1. Reconnaissance 2. Initial Access 3. Privilege Escalation to User 4. Privilege Escalation to Root 5. Key
HackTheBox Writeups
Once upon a late-night session in the cyber underground, I stumbled across a fresh “Expressway” box on HackTheBox — a promised route to digital mastery and a cautionary tale of misconfigured VPN gateways and homemade privilege escalation tools. Like a true cyber-detective, I geared up, eager for something deeper than just