LATEST

WRITEUPS_ARCHIVE

Featured

FEATUREDHackTheBox2026-03-281 min read

HackTheBox: VariaType — Git History Leak, CVE-2025-66034 fontTools RCE & Sudo Privesc to Root

Full walkthrough of the VariaType machine from HackTheBox. Exploiting an exposed .git directory to recover hardcoded credentials, chaining CVE-2025-66034 arbitrary file write in fontTools for RCE, abusing ZIP filename injection to plant an SSH key as steve, then leveraging a misconfigured sudo Python script to write root's authorized_keys.

##HTB##VariaType##CVE-2025-66034

Read Report

Latest Writeups

3 posts

HackTheBox2026-03-281m

HackTheBox: VariaType — Git History Leak, CVE-2025-66034 fontTools RCE & Sudo Privesc to Root

##HTB##VariaType

Read

HackTheBox2026-03-121m

HackTheBox: Pirate — Multi-Host AD Attack Chain (gMSA + RBCD + Constrained Delegation)

Full walkthrough of the Pirate machine from HackTheBox. A Hard-rated Windows Active Directory box chaining Pre-Windows 2000 Compatible Access, gMSA password extraction, Ligolo-ng pivoting, NTLM Relay + RBCD to WEB01, and SPN injection with Constrained Delegation abuse to compromise DC01 as Domain Admin.

##HTB##Pirate

Read

HackTheBox2026-03-071m

HackTheBox: CCTV - ZoneMinder SQLi, SSH Pivot & motionEye RCE to Root

Full walkthrough of the CCTV machine from HackTheBox Season 10. Exploiting ZoneMinder's time-based blind SQL injection to dump credentials, SSH pivot with port forwarding to reach internal motionEye, and chaining command injection via picture_filename for a root shell.

##HTB##CCTV

Read

More Writeups

7 posts

Tools & Guides2026-02-26 · 1m read

Active Directory Enumeration & Attack: Tools of the Trade

A comprehensive guide to the essential tools used for gathering situational awareness and attacking Active Directory environments from both Windows and Linux hosts.

HackTheBox2026-02-22 · 1m read

HackTheBox: Pterodactyl - CVE-2025-49132 RCE & Chained LPE to Root

Full walkthrough of the Pterodactyl machine from HackTheBox Season 10. Exploiting CVE-2025-49132 for unauthenticated RCE on Pterodactyl Panel v1.11.10, credential dumping via MariaDB, hash cracking, and chaining CVE-2025-6018 + CVE-2025-6019 for a full local privilege escalation to root.

HackTheBox2026-02-04 · 1m read

🛡️ Your Definitive Guide and Review on HackTheBox CJCA: A Journey of Resilience (Copy)

From 0 flags to a 100-point sweep. An honest, deep-dive review of the HTB CJCA certification, overcoming medical setbacks, and mastering the art of commercial-grade reporting.

HackTheBox2026-02-02 · 1m read

HackTheBox: Facts - Deep Dive into Camaleon CMS LFI & Facter PrivEsc

Detailed walkthrough of the 'Facts' machine from HackTheBox Season 10. Exploiting CVE-2024-46987 in Camaleon CMS to exfiltrate SSH keys and leveraging Facter's custom directory for root privilege escalation.

Tools & Guides2026-01-23 · 1m read

🛡️ CompTIA Security+ SY0-701: My Odyssey from Zero to Certified (798/900)

A real, honest review of my journey through the SY0-701. From leveraging the 4 pillars of preparation to surviving the tricky PearsonVUE proctored exam.

Tools & Guides2026-01-17 · 1m read

React2Shell (CVE-2025-55182): Breaking the Server Boundary in React Server Components

React2Shell is not just another injection bug. It cuts straight through the abstraction React Server Components are built on, turning what should be a structured, declarative server rendering pipeline into a potential remote code execution primitive.

Tools & Guides2026-01-11 · 1m read

🎯 I Spent $99 on 12 Cybersecurity Certifications - Here’s the Honest Truth About cyberwarfare labs

Twelve cybersecurity certifications for the price of dinner. I tested Cyberwarfare Labs so you know whether it’s genius or garbage.....