HackMyVM: Gameshell2

We enumerate users via the Finger protocol, beat a terminal-based Snake game to gain SSH access, and pivot through an internal subdomain using Phpsploit to escalate privileges via the ‘uv’ tool.

February 4, 2026 · 5 min · Bhav Goyal

HackTheBox: Sau

Sau is an Easy Difficulty Linux machine that features a Request Baskets instance that is vulnerable to Server-Side Request Forgery (SSRF) via CVE-2023-27163. Leveraging the vulnerability we are to gain access to a Maltrail instance that is vulnerable to Unauthenticated OS Command Injection, which allows us to gain a reverse shell on the machine as puma. A sudo misconfiguration is then exploited to gain a root shell.

August 14, 2025 · 3 min · Bhav Goyal

HackTheBox: Voleur

This writeup covers an assumed breach scenario on HackTheBox Voleur, involving Kerberos ticket authentication, DPAPI secret extraction from archived user profiles, targeted Kerberoasting, and NTDS dump via WSL to achieve domain administrator access.

August 14, 2025 · 5 min · Bhav Goyal

HackTheBox: Certified

This writeup covers the assumed breach scenario for HackTheBox Certified, demonstrating enumeration, privilege escalation, and exploitation of Active Directory and ADCS vulnerabilities to achieve domain administrator access.

August 11, 2025 · 3 min · Bhav Goyal

HackTheBox: Aero

This writeup demonstrates enumeration and exploitation of Windows services on HackTheBox Aero, including web and network service attacks.

July 30, 2025 · 2 min · Bhav Goyal