Detailed walkthroughs of HackTheBox machines โ covering enumeration, exploitation, privilege escalation, and lessons learned along the way.
IDOR on a PCAP download endpoint leaks FTP creds in plaintext. Shell as Nathan, then a cap_setuid Linux capability hands over root.