HTB Writeup: Checker

Teampass SQLi → hash crack → BookStack LFR → recover reader TOTP → SSH → sudo script + SysV SHM race → root.

Oct 17, 2025 Writeups

HTB Writeup: Escape

SMB → MSSQL coercion → hash crack → WinRM → AD CS ESC1 → Administrator

Oct 16, 2025 Writeups

HTB Writeup: Cat

Exposed .git → XSS → Webapp admin → SQLi → Creds reuse → Gitea XSS → root.

Oct 15, 2025 Writeups

HTB Writeup: Editor

XWiki SolrSearchMacros unauth RCE → reverse shell (xwiki) → DB creds in hibernate.cfg.xml → SSH as oliver via reused password → Netdata ndsudo PATH hijack (CVE-2024-32019) → root.

Oct 11, 2025 Writeups

HTB Writeup: Dog

BackdropCMS + exposed .git → DB creds → CMS admin → module upload webshell → SSH via reused creds → sudo bee eval → root.

Oct 11, 2025 Writeups

HTB Writeup: Certificate

HTB Certificate: upload filter bypass via concatenated zips → PHP reverse shell → Pcap Analysis → AD CS ESC3 to Administrator.

Oct 9, 2025 Writeups