HackMyVM: Gameshell2

We enumerate users via the Finger protocol, beat a terminal-based Snake game to gain SSH access, and pivot through an internal subdomain using Phpsploit to escalate privileges via the ‘uv’ tool.

February 4, 2026 · 5 min · Bhav Goyal

HackTheBox: Magic

This writeup details the exploitation of web vulnerabilities on HackTheBox Magic, including SQL injection, path manipulation, and privilege escalation.

July 5, 2025 · 3 min · Bhav Goyal

HackTheBox: BoardLight

This writeup covers the enumeration and exploitation of Linux services and subdomains on HackTheBox BoardLight, focusing on web and DNS discovery for privilege escalation.

September 13, 2024 · 1 min · Bhav Goyal

HackTheBox: Cap

This writeup covers the enumeration and exploitation of Linux services on HackTheBox Cap, focusing on network capture analysis and credential discovery for privilege escalation.

September 10, 2024 · 1 min · Bhav Goyal