Write-ups
My journey through Hack The Box machines and bug bounty challenges
More Write-ups on Medium
Most of my Hack The Box machine write-ups are available on my Medium profile with detailed explanations and step-by-step guides.
Visit Medium
Some write-ups are password protected. You'll need the correct password to access them.
Editor
A Linux machine involving XWiki exploitation via CVE-2025-24893, credential extraction, and PATH hijacking for privilege escalation.
Era
A Linux machine involving vhost enumeration, IDOR vulnerability, hash cracking, SSRF exploitation, and binary signing for privilege escalation.
JinjaCare
A web application vulnerability challenge focusing on SSTI (Server-Side Template Injection) and RCE exploitation techniques.
NeoVault
A banking web application challenge involving MongoDB Object ID prediction and JWT token exploitation.
Code
A Python-based web application with command injection vulnerabilities and privilege escalation challenges.
Nocturnal
A challenging Hack The Box Linux-based machine involving web exploitation and privilege escalation techniques.
Dog
A Linux machine involving git repository dumping, RCE exploitation, and privilege escalation through sudo misconfiguration.
Outbound
A Linux machine featuring Roundcube webmail exploitation, session decryption, and privilege escalation through log symlink vulnerability.
More write-ups coming soon...