Personal notes from HackTheBox machines and PortSwigger Web Security Academy labs.
EscapeTwo - SMB enumeration, MSSQL xp_cmdshell, and certificate forgery via misconfigured CA template.
Flight - LFI to NTLM hash capture, SMB lateral movement, GodPotato to DCSync.
MonitorsThree - SQLi, XML signature bypass for Cacti RCE, Duplicati privesc.
Caption - GitBucket SQLi to RCE, Thrift API log injection for privilege escalation.
Clicker - Source code from NFS share, SQLi for role elevation, PERL5OPT abuse.
Editorial - SSRF to reveal internal API credentials, Git history secrets, GitPython CVE.
Alert - XSS and LFI chaining via admin contact form, Apache config disclosure.
SolarLab - Multiple RCE vectors, credential decryption.
iClean - SSTI and XSS.
UpDown - Git extraction, upload bypass, Python 2.7 injection, easy_install sudo.
Instant - APK reverse engineering with MobSF, JWT extraction, Solar-PuTTY session brute-force.
Drive - Django IDOR, setuid binary SQLi to load malicious shared object for root.
Sightless - Docker container escape via password reuse, chromedriver remote debugging exploit, Froxlor.
BoardLight - Dolibarr CRM authenticated RCE, enlightenment_sys SUID binary exploit.
Mailing - LFI for credentials, Outlook phishing for RCE, LibreOffice macro PE.
SameSite Strict Bypass via Client-side Redirect - DOM redirect to maintain same-site context.
SameSite Lax Bypass via Cookie Refresh - Two-minute window after cookie refresh.
| Date | Write-up |
|---|---|
| 2024-12-18 | HTB: Mentor |
| 2024-12-16 | HTB: UpDown |
| 2024-12-03 | HTB: MonitorsThree |
| 2024-12-03 | HTB: Alert |
| 2024-11-22 | HTB: Sea |
| 2024-11-13 | HTB: Instant |
| 2024-10-08 | HTB: Flight |
| 2024-10-04 | HTB: Clicker |
| 2024-10-04 | HTB: Escape |
| 2024-10-01 | HTB: Forest |
| 2024-09-27 | HTB: Broker |
| 2024-09-27 | HTB: Support |
| 2024-09-26 | HTB: Editorial |
| 2024-09-22 | HTB: ServMon |
| 2024-09-20 | HTB: Caption |
| 2024-09-20 | HTB: Search |
| 2024-09-13 | HTB: Sightless |
| 2024-09-10 | HTB: Cascade |
| 2024-09-09 | HTB: Jarvis |
| 2024-09-09 | HTB: Netmon |
| 2024-09-09 | HTB: Remote |
| 2024-09-04 | HTB: Jerry |
| 2024-09-04 | HTB: Love |
| 2024-08-31 | HTB: Active |
| 2024-08-31 | HTB: Arctic |
| 2024-08-31 | HTB: Bounty |
| 2024-08-31 | HTB: Buff |
| 2024-08-31 | HTB: Sauna |
| 2024-08-09 | HTB: Tabby |
| 2024-08-07 | HTB: Sunday |
| 2024-08-07 | HTB: SwagShop |
| 2024-08-06 | HTB: Precious |
| 2024-07-01 | HTB: Networked |
| 2024-07-01 | HTB: OpenAdmin |
| 2024-06-28 | HTB: Bashed |
| 2024-06-28 | HTB: Irked |
| 2024-06-24 | HTB: Blurry |
| 2024-06-07 | HTB: Pandora |
| 2024-06-05 | HTB: SolarLab |
| 2024-06-04 | HTB: WifineticTwo |
| 2024-05-30 | HTB: Mailing |
| 2024-05-30 | HTB: Ranking and Points |
| 2024-05-29 | HTB: iClean |
| 2024-05-29 | HTB: Perfection |
| 2024-05-28 | HTB: Headless |
| 2024-05-27 | HTB: BoardLight |
| 2024-05-27 | HTB: Usage |
| 2024-05-15 | HTB: Busqueda |
| 2024-05-13 | HTB: Previse |
| 2024-05-13 | HTB: Surveillance |
| 2024-01-08 | HTB: Bizness |
| Date | Write-up |
|---|---|
| 2023-11-27 | HTB: Devvortex |
| 2023-11-18 | HTB: Nibbles |
| 2023-11-14 | HTB: Pilgrimage |
| 2023-11-14 | HTB: Topology |
| 2023-11-13 | HTB: Armageddon |
| 2023-11-13 | HTB: Codify |
| 2023-11-13 | HTB: PC |
| 2023-11-13 | HTB: Sense |
| 2023-10-23 | HTB: Horizontall |
| 2023-10-19 | HTB: Drive |
| 2023-10-19 | HTB: ScriptKiddie |
| 2023-10-12 | HTB: Paper |
| 2023-10-10 | HTB: Analytics |
| 2023-10-05 | HTB: Shocker |
| 2023-10-04 | HTB: Blocky |
| 2023-10-04 | HTB: Mirai |
| 2023-10-03 | HTB: Knife |
| 2023-10-03 | HTB: Sau |
| 2023-10-02 | HTB: CozyHosting |
| 2023-10-02 | HTB: Keeper |