In the post, I would like to share some tricks that I learned such as using the WSUS Trick while playing with the Outdated Machine which the walkthrough over here I’m not really good with Windows Operating System and this

Continue ReadingHack The Box: (Outdated Machine) Using WSUS attack

In this post, I would like to share some knowledge about SQL Injection which can be useful during Penetration Testing activity. Before we went deeper into it, I will try to explain what is SQL Injection for those who are

Continue ReadingLearning Series: SQL Injection attack method

In this post, I would like to share some Unintended ways to obtain the root shell by using the vulnerability of the Faculty machine that recently retired which can be read here Enumerate the Faculty HTB server using linpeas script

Continue ReadingHack The Box: (Unintended Way) To obtain a root shell using CVE-2022-2588 Vulnerability on Faculty HTB

In this post, I would like to share a way to bypass AV detection by using HoaxShell which that tool has been created by t3l3machus. What is HoaxShell? HoaxShell is a tool that contains unconventional Windows Reverse Shell which can

Continue ReadingLearning Series: Bypass AV detection using HoaxShell

In this post, I would like to share a walkthrough of the Perspective Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Perspective machine? For the user flag,

Continue ReadingHack The Box: Perspective Machine Walkthrough – Insane Difficulty

What is JuicyPotato Vulnerability? Those who have experienced Pentester and had a good time testing with Windows Escalation Method, they are surely heard about JuicyPotato at least once. Therefore, for people out, there should not fret who are not familiar

Continue ReadingHack The Box: (Unintended) way to get Root Privileges Access using the latest version JuicyPotato

What is Server-Side Template Injection? An attack that allows the attacker to use the native template syntax to inject a few malicious payloads into the template is been called Server-side template injection or also known as SSTI. Normally, the attacks

Continue ReadingLearning Series: Server-Side Template Injection (SSTI)

In this post, I want to share on Directory Traversal Attack Method which can be useful during any Red Teaming OR Penetration Testing Before I share the demo of the attack over here, let’s study the methodology and the process

Continue ReadingLearning Series: Directory Traversal Attack Method

In this post, I would like to explore more binary exploitation such as nreport which will improve my skills and knowledge. For a record, the binary file is coming from OverGraph Machine on Hack the Box Platform. Before we start

Continue ReadingCustom Binary Exploitation

In this post, I would like to share a walkthrough of the Shoppy Machine from Hack the Box This room will be considered an Easy machine on Hack The Box What will you gain from the Shoppy machine? For the user flag,

Continue ReadingHack The Box: Shoppy Machine Walkthrough – Easy Difficulty