#linux
2 posts
// offense
SQL Injection by Default in Grafana (HTB — Jupiter)
A walkthrough of HackTheBox Jupiter, demonstrating how Grafana's raw SQL passthrough to PostgreSQL can be exploited for remote code execution and full system compromise.
Oct 25, 2023 10 min read
// offense HackTheBox WriteUp — Ghoul
A walkthrough of one of HackTheBox's hardest machines — Ghoul. Zip slip exploitation, multi-host pivoting across Docker containers, Gogs privilege escalation, git history mining, and SSH session hijacking to reach root.
May 14, 2023 6 min read