Sense is kind of mixed box for me. I wasn’t particularly fond of the long brute forcing fishing for a file, but getting code execution was pretty interesting for the exploit. I also wrote up a python script to fully automate the exploitation once you have valid credentials (see at... [Read More]

This is probably one of the best boxes released on HTB thus far. Each step felt like a treasure hunt, also I really enjoyed getting more familiar with MongoDB as well. Do yourself a favor and go do this box! [Read More]

Mantis takes a lot of patience and a good bit of enumeration. The final exploit is also pretty cool as I had never done anything like it before. Really happy to see a domain controller finally pop up in HackTheBox. [Read More]

Privilege escalation always comes down to proper enumeration. But to accomplish proper enumeration you need to know what to check and look for. This takes familiarity with systems that normally comes along with experience. At first privilege escalation can seem like a daunting task, but after a while you start... [Read More]

The Cyborg challenges are the next set of UnderTheWire challenges following Century. These were a little more advanced but nothing too crazy. Below are my solutions. [Read More]