A linux box from HackTheBox- gained foothold by a combination of email phishing and deploying PyPI package and rooted through sudo permission. This is an active machine, so I highly recommend that you try a bit harder before heading inside.
A linux box from HackTheBox- gained foothold by a combination of SQL injection and vulnerability in OpenEMR rooted through docker. This is an active machine, so I highly recommend that you try a bit harder before heading inside.
A linux box from HackTheBox- gained foothold by a combination of SQL injection and by injecting PHP code into uploaded image and rooted by hijacking bash binary. This is an active machine, so I highly recommend that you try a bit harder before heading inside.
A writeup on how I escalated my privileges to root, through LXD group membership.
A linux box from HackTheBox- gained foothold by exploiting Tomcat 9 credentials and rooted by lxd group membership. This is an active machine, so I highly recommend that you try a bit harder before heading inside.
A linux box from HackTheBox- gained foothold by exploiting Bludit CMS vulnerabilities and rooted by vulnerable sudo version. This is an active machine, so I highly recommend that you try a bit harder before heading inside.
A writeup on how I hijacked a python library for privilege escalation and owned a machine.
A windows box from HackTheBox- gained foothold by exploiting vulnerability on Umbraco CMS v7.12.4 and gained SYSTEM access by abusing service permissions of UsoSvc. This is an active machine, so I highly recommend that you try a bit harder before heading inside.
A linux box from HackTheBox- gained foothold by exploiting a backdoor and rooted by exploiting SSH welcome message file. This is an active machine, so I highly recommend that you try a bit harder before heading inside.