Archives: Timeline Stories

Curated a blog about Dirty Pipe with Devansh Khare on hack the box. Give it a read if you are looking to understand the underlying function of how Dirty Pipeworks, How to exploit it and how to mitigate it. over here https://www.hackthebox.com/blog/Dirty-Pipe-Explained-CVE-2022-0847 #hackthebox #dirtypipe #securityresearch #tech

Curated a blog about Dirty Pipe with Devansh Khare on hack the box. Give it a read if you are looking to understand the underlying function of how Dirty Pipeworks, How to exploit it and how to mitigate it. over here https://www.hackthebox.com/blog/Dirty-Pipe-Explained-CVE-2022-0847 #hackthebox #dirtypipe #securityresearch #tech

The lab is something that anyone looking to test or improve their AD and general penetration skills should definitely try. Ben Rollin has done some extremely impressive work create it and i will push you approach it as a real pentest. It took me about 3-4 months juggling with work. I learnt about 15 new things here […]

Completed the dante lab on hack the box it was a fun experience pretty easy.

Passed the CRTP Exam owned Active directory network from the pentester academy.

Pikaboo was my first hard box on HTB with 3 layers of abstraction. First exploit path traversal to get in nginx to get access to a admin panel to exploit LFI inclusion in order to get code execution via log poisoning FTP. Exploit ldap injection to get user pwnmeow and exploit diamond operator in perl […]

Got bug killer badge for find a bug in Hack the box platform

I got assigned 21 plus cve’s for WordPress 0 days finding SQL injections and other bugs in WordPress plugin repository

So first exploit published on Exploit DB found this during trying to find unintended ways to solve `Love` the box I made recently on @hackthebox_eu.

I got my first CVE in video-embed-box Subscriber level SQLI. CVE-2021-24337. It was a union based SQLI which is also time based exploitability  Disclosure link https://www.codevigilant.com/disclosure/2021/wp-plugin-video-embed-box/