Reverse-Shell

A full walkthrough of the Hack The Box machine “Precious” — from enumeration to exploitation, including a clever pdfkit command injection and Ruby YAML deserialization for root. With shell stabilisation and some VPN drama on the side.

A deep-dive into escalating from LFI to full root via log poisoning, named pipe reverse shell, misconfigured sudo permissions, and forgotten tmux sessions. Includes analysis of R-services (rexec, rlogin, rsh) and real-world command chaining.

An easy HTB box with enough Joomla, virtual hosts, and reverse shell magic to get you sweating (literally). This walkthrough dives into the quirks of Joomla, web fuzzing, API poking, and template-based RCE. Bring water.

A hands-on deep dive into exploiting file inclusion vulnerabilities — from simple LFI to full RCE using session poisoning, log injection, and PHP wrappers.

From basic payloads to protected and self-destructing shells — a hands-on journey upgrading your webshells for stealth, power, and style.

Understand what shells really are, how they evolved, why they matter, and how different types like reverse shells and webshells work.

After exploring XSS in Part 1, we now dive into server-side command injection, shell behavior, piping, and classic reverse shell tactics.