🛡️365 Days of Hacking🛡️ 🔒 Day [198] 🧩 Machine: [Safe-HTB] 🌟 Difficulty: [Easy] 🔍 Summary: [A binary running on port 1337 was vulnerable to buffer overflow. Exploited it to get a shell. Found KeePass database, cracked it with John, and got root's password.]

🛡️365 Days of Hacking🛡️ 🔒 Day [199] 🧩 Machine: [Search-HTB] 🌟 Difficulty: [Hard] 🔍 Summary: [Found creds in image (site). Ran Bloodhound, found Kerberoastable user, cracked hash. PassSpray got another user with .xlsx (SMB) containing creds of a user with 'GMSA' on Admin.]

🛡️365 Days of Hacking🛡️ 🔒 Day [200] 🧩 Machine: [FluxCapacitor-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [ 404 - Not Found ]

🛡️365 Days of Hacking🛡️ 🔒 Day [201] 🧩 Machine: [StreamIO-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [SQLi to admin panel, RCE led to shell. Decoded Firefox saved creds, got another user. Added myself to group with 'ReadLAPSPassword' on DC]

🛡️365 Days of Hacking🛡️ 🔒 Day [202] 🧩 Machine: [Giddy-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Exploited SQLi to steal NTLM hash via SMB connection, cracked pass, logged in via PowerShell web console. For root, Local PE CVE in 'UniFi Video'.]

🛡️365 Days of Hacking🛡️ 🔒 Day [203] 🧩 Machine: [GreenHorn-HTB] 🌟 Difficulty: [Easy] 🔍 Summary: [404 - Not Found]

🛡️365 Days of Hacking🛡️ 🔒 Day [204] 🧩 Machine: [Worker-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Found creds in repository, used them to log into Azure DevOps. Uploaded webshell, got a shell, found more creds. Used Evil-WinRM for shell. Created pipelines for root execution.]

🛡️365 Days of Hacking🛡️ 🔒 Day [205] 🧩 EndGame: [P.O.O. - HTB] 🔍 Summary: [DS_STORE files, Windows short filenames, MSSQL instance, xp_cmdshell, Python in MSSQL, WinRM over IPv6, SharpHound, Kerberoast, Generic All on Domain Admins.]

🛡️365 Days of Hacking🛡️ 🔒 Day [206] 🧩 Machine: [Epsilon-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [404 - Not Found ]

🛡️365 Days of Hacking🛡️ 🔒 Day [207] 🧩 Machine: [Querier-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Inside SMB share, found .xlsm with SQL creds. Used them to steal NTLM hash, cracked it. PowerUp revealed clear text admin pass.]

🛡️365 Days of Hacking🛡️ 🔒 Day [208] 🧩 Machine: [Canape-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [ .git exposed on webserver. Got source code, found Python pickle deserialization vulnerability, led to shell. Pivoted to another user via CouchDB CVE, then had sudo on 'pip'.]

🛡️365 Days of Hacking🛡️ 🔒 Day [209] 🧩 Machine: [RedCross-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [XSS to access admin panel, whitelisted IP. Found and exploited 'Haraka SMTP' for shell. Privilege escalation via PAM/NSS.]

🛡️365 Days of Hacking🛡️ 🔒 Day [210] 🧩 Machine: [Blazorized-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [404 - Not Found]

🛡️365 Days of Hacking🛡️ 🔒 Day [211] 🧩 Machine: [BroScience-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Activated account by analyzing activation code generation via source code (File Read Vulnerability). For root, injected into a certificate-checking script.]

🛡️365 Days of Hacking🛡️ 🔒 Day [212] 🧩 Machine: [Writer-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [SQL injection led to file read. SSRF gave code execution and shell. Abused postfix to pivot to another user. For root, editable 'apt-get' config.]

🛡️365 Days of Hacking🛡️ 🔒 Day [213] 🧩 Machine: [Scrambled-HTB] 🌟 Difficulty: [Medium] 🔍 Summary: [Kerberoasting attack to get and crack hash. Generated silver ticket for MSSQL access, found more creds. DNSpy revealed deserialization vulnerability in .exe binary.]

🛡️365 Days of Hacking🛡️ [7 Months, 213 Days, 213 Machines] On the first day of this year, I set a New Year's resolution to complete 1 box a day for a year. At first, it seemed overconfident and hard, but I made it to the 7th month, completing 58.36% with only 152 left. I never

I'm officially a Junior Penetration Tester. INE Security (FKA eLearnSecurity) Pentester Academy

Red Team Analyst & Multi Cloud Red Team Analyst CyberWarFare Labs