Hackthebox

A full walkthrough of the Hack The Box machine “Precious” — from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.

An in-depth and hands-on walkthrough on spotting and exploiting Local File Inclusion (LFI) — from classic payloads to modern bypasses, straight from HTB Academy labs.

Cracked the UnderPass HTB box by skipping dead ends, abusing SNMP leaks, and turning mosh-server into a root shell with zero password — here is how.

Getting user.txt is just the beginning. Here’s how I hunt for privilege escalation paths on Linux boxes — what I check, how I think, and why it still stumps me sometimes.