Writeup for the "Titanic" machine on HackTheBox. It involves exploiting LFI to discover sensitive Gitea configuration and database files, cracking PBKDF2 hashes for SSH access, and escalating privileges via a shared library injection in ImageMagick (CVE-2024-41817).

Walkthrough of the "Jerry" machine on HackTheBox. It involves brute-forcing Tomcat Manager credentials, deploying a WAR reverse shell, and retrieving both user and root flags from a Windows system.

Writeup for the "Nibbles" machine on HackTheBox. It involves discovering a vulnerable Nibbleblog CMS, exploiting it via Metasploit for initial access, and escalating privileges by abusing a writable script with sudo rights.

Walkthrough of the "Active" machine on HackTheBox, showcasing SMB enumeration, GPP password extraction, Kerberoasting, and gaining SYSTEM access via Impacket's PsExec.

Walkthrough of the "Markup" machine on HackTheBox, featuring enumeration, XML external entity (XXE) injection to gain a user shell, and privilege escalation via writable batch script to SYSTEM.

Detailed walkthrough of the Sea room on HackTheBox platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.

My writeups for b01lers CTF 2025 - b01lers CTF is a CTF hosted by Purdue University's b01lers CTF team.

Detailed walkthrough of the hackdonalds challenge on Intigriti platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.

This blog will contain all the writeups for MetaCTF 2025

This blog will contain all the writeups for XSS Labs from Portswigger

This blog will contain all the writeups for SQL Injection Labs from Portswigger

Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a `Python` module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to `root`, we discover credentials within a `Git` config file, allowing us to log into a local `Gitea` service. Additionally, we uncover that a system checkup script can be executed with `root` privileges by a specific user. By utilizing this script, we enumerate `Docker` containers that reveal credentials for the `administrator` user and `Gitea` account. Further analysis of the system checkup script and source code in a `Git` repository reveals a means to exploit a relative path reference, granting us Remote Code Execution (RCE) with `root` privileges.

Learn about and get hands-on with common technologies and security products used in corporate environments; both host and network-based security solutions are covered.