htb
HTB Reset: From Log Poisoning to Root. Exploiting Tmux, Rexec and Misconfigured Sudo
A deep-dive into escalating from LFI to full root via log poisoning, named pipe reverse shell, misconfigured sudo permissions, and forgotten tmux sessions. Includes analysis of R-services (rexec, rlogin, rsh) and real-world command chaining.
exam-prep
Uni Exam Practice VM practice: more of LFI2RCE
In this university exam practice VM, I explored file upload handling, discovered a separate file inclusion point, and chained it with an uploaded webshell to gain remote command execution.
htb
Popping Devvortex - Joomla Tricks, Template Shells & Summer Brain Fog
An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.
remote-code-execution
From LFI to RCE: Exploiting File Inclusion Like a Pro
A hands-on deep dive into exploiting file inclusion vulnerabilities; from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.
