#hackthebox
3 posts
// offense
SQL Injection by Default in Grafana (HTB — Jupiter)
A walkthrough of HackTheBox Jupiter, demonstrating how Grafana's raw SQL passthrough to PostgreSQL can be exploited for remote code execution and full system compromise.
Oct 25, 2023 10 min read
// offense Abusing Common Windows Misconfigurations (HackTheBox — Active)
A walkthrough of HackTheBox Active covering anonymous SMB access, Group Policy Preferences exploitation, and Kerberoasting to achieve domain admin on a Windows Server 2008 R2 domain controller.
Jun 3, 2023 5 min read
// offense HackTheBox WriteUp — Ghoul
A walkthrough of one of HackTheBox's hardest machines — Ghoul. Zip slip exploitation, multi-host pivoting across Docker containers, Gogs privilege escalation, git history mining, and SSH session hijacking to reach root.
May 14, 2023 6 min read