HackTheBox - Haystack

5 minute read

Haystack was a nice 20 point box created by JoyDragon. It started out with dumping SSH credentials via Elasticsearch and then escalating to the Kibana user and abusing its privileges to exploit Logstash and get root.

HackTheBox - Safe

2 minute read

Safe was an easy 20 point box created by ecdo. It started out with pwning a binary to get a shell as user and then abusing KeePass to get root.

HackTheBox - Ellingson

11 minute read

Ellingson was a nice 40 point box created by Ic3M4n. It started with finding an exposed Werkzeug Debugger and getting RCE so we could SSH in. We then needed to crack some hashes to get user and pwn a SUID binary to get root.

HackTheBox - Writeup

3 minute read

Writeup was a nice 20 point box created by jkr. It started with a CVE to get SSH creds and then abusing an SSH startup process by injecting into PATH to get root.

Windows Security Identifiers

8 minute read

Instead of having to check the Microsoft docs every time I needed to identify a mysterious SID, I decided to type up the table here so I can reference it easily when required.