Offensive Security

Hacking

Demonstrating offensive methodology through hands-on machine exploitation — from initial reconnaissance through privilege escalation to root.

Hack the Box

Walkthroughs

Step-by-step breakdowns of Hack the Box machines — enumeration, exploitation, and privilege escalation documented for each target.

Easy

Late

Flask/Jinja2 SSTI exploitation through image-to-text converter. Injected Python subclass payloads to extract SSH keys, then escalated via writable ssh-alert.sh script to catch reverse shell as root.

SSTI (Jinja2)Flask ExploitationSSH Key ExtractionReverse ShellLinPEAS
Read walkthrough
Easy

Explore

Android device penetration testing with unusual open ports. Enumeration of non-standard services, credential discovery, and exploitation of Android debug bridge for system access.

Android ExploitationPort EnumerationADBCredential Harvesting
Read walkthrough
Easy

CAP

IDOR vulnerability in network monitoring dashboard to access PCAP files containing plaintext credentials. FTP/SSH credential reuse, then Linux capabilities abuse for privilege escalation to root.

IDORPCAP AnalysisCredential ReuseLinux CapabilitiesPrivilege Escalation
Read walkthrough
Easy

Previse

Bypassing access controls to create admin account, then exploiting OS command injection vulnerability. Password hash cracking and path hijacking for root.

Access Control BypassOS Command InjectionHash CrackingPath Hijacking
Read walkthrough
Easy

Backdoor

GDB server exploitation via Metasploit to gain initial foothold, then privilege escalation by attaching to a root-owned GNU Screen session for full system access.

GDB ServerMetasploitMeterpreterScreen Session Hijack
Read walkthrough
→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it→ Build it→ Break it→ Secure it