HackTheBox
HTB Bastion: Mounting Secrets from the Past
Windows machine walkthrough: SMB share enumeration, VHD file mounting for SAM credential extraction, and privilege escalation via mRemoteNG password decryption.
Articles
HackTheBox
HTB Valentine: Heartbleed to Root via tmux Session Hijack
Exploiting the Heartbleed vulnerability (CVE-2014-0160) to leak SSH credentials from memory, then escalating to root by hijacking an active tmux session.
HackTheBox
HTB Curling: Joomla RCE to Curl Config File Abuse
Joomla CMS exploitation for initial access through admin panel takeover, followed by Linux privilege escalation via curl configuration file abuse.
HackTheBox
HTB Beep: LFI to Root via Nmap Binary Exploitation
Elastix PBX exploitation via local file inclusion to extract credentials, then multiple paths to root including Nmap interactive mode abuse.
HackTheBox
HTB Irked Writeup: UnrealIRCd Backdoor to Root via SUID Abuse
Exploiting the UnrealIRCd 3.2.8.1 backdoor for initial shell access, then escalating to root through a custom SUID binary on Linux.
CTF Writeups
HTB Cicada: From Password Spraying to Token Abuse
Active Directory machine: password spraying for initial foothold, LDAP enumeration, and domain admin access through SeBackupPrivilege token abuse.