YPYogesh Peelainexploitnotes.hashnode.dev·20h ago · 18 min readHackTheBox: Build WriteupExecutive Summary The "Build" machine demonstrates a complex attack chain involving multiple services in a containerized environment. The exploitation requires: Reconnaissance of internal Docker netw00
YPYogesh Peelainexploitnotes.hashnode.dev·1d ago · 15 min readHackTheBox: Nexus WriteupExecutive Summary This writeup documents the complete exploitation chain for the Nexus target system, from initial reconnaissance through root compromise. The attack leveraged: Exposed credentials in00
YPYogesh Peelainexploitnotes.hashnode.dev·1d ago · 7 min readHackTheBox: Data WriteupSummary Data is a Linux box running Grafana 8.0.0 behind SSH and port 3000. The Grafana version is vulnerable to CVE-2021-43798, an authentication-free path traversal in the plugin static-file handler00
YPYogesh Peelainexploitnotes.hashnode.dev·2d ago · 7 min readHackTheBox: Baby WriteupSummary Baby is an Easy Windows AD box (baby.vl, DC: BABYDC). Null LDAP bind enumerates the full domain user list, including a description field that leaks a default password (BabyStart123!) for newly00
YPYogesh Peelainexploitnotes.hashnode.dev·2d ago · 13 min readHackTheBox: Breach WriteupSummary Breach is a Windows AD box centered on credential harvesting and Kerberos abuse. Initial access starts from a guest-readable, guest-writable SMB share. Dropping NTLM-coercion files (.scf, .url00
