Research

Security write-ups

Exploitation walkthroughs from Hack The Box Season 8 and bug bounty CTF challenges. Searchable, tagged, and statically generated.

Season 8 active machines (May–August 2025). Additional walkthroughs on Medium.

/

8 results

Editor

3m

A Linux machine involving XWiki exploitation via CVE-2025-24893, credential extraction, and PATH hijacking for privilege escalation.

HTB MachineEasy
#XWiki#CVE-2025-24893#RCE#CredentialExtraction
Read →

Era

3m

A Linux machine involving vhost enumeration, IDOR vulnerability, hash cracking, SSRF exploitation, and binary signing for privilege escalation.

HTB MachineMedium
#VhostEnumeration#IDOR#HashCracking#SSRF
Read →

JinjaCare

3m

A web application vulnerability challenge focusing on SSTI (Server-Side Template Injection) and RCE exploitation techniques.

Bug Bounty CTF
#SSTI#RCE#Flask#Jinja2
Read →

NeoVault

3m

A banking web application challenge involving MongoDB Object ID prediction and JWT token exploitation.

Bug Bounty CTF
#MongoDB#JWT#IDOR#BugBounty
Read →

Code

3m

A Python-based web application with command injection vulnerabilities and privilege escalation challenges.

HTB MachineEasy
#Python#CommandInjection#PrivilegeEscalation#SSH
Read →

Nocturnal

3m

A challenging Hack The Box Linux-based machine involving web exploitation and privilege escalation techniques.

HTB Machine
#WebExploitation#PrivilegeEscalation#Linux
Read →

Dog

3m

A Linux machine involving git repository dumping, RCE exploitation, and privilege escalation through sudo misconfiguration.

HTB MachineEasy
#GitDumping#RCE#PrivilegeEscalation#Linux
Read →

Outbound

3m

A Linux machine featuring Roundcube webmail exploitation, session decryption, and privilege escalation through log symlink vulnerability.

HTB MachineEasy
#Roundcube#RCE#SessionDecryption#PrivilegeEscalation
Read →
More on Medium →