Photo by Jet Kim on Unsplash

First glance at the Forest!

For this write-up I am taking a break from Linux boxes and instead trying to get some more hands-on experience #pwning windows. This was easily the hardest box i’ve ever popped so be prepared for a pretty lengthy 2 part write-up as there are tons of great little “hacks” I want to cover :)

So getting started we are looking at the Forest machine ( on Hack The Box! Now I had friends that didn’t run into this issue so you may not as well, but just incase you do…. …

Photo by Caspar Camille Rubin on Unsplash


Waddup #InfoSec! In this article I am going to be doing Part 1 of a write-up for Hack The Box’s “Writeup” box! This was a fun one and while I didn’t necessarily learn any new hacking techniques I did build off my previous knowledge of SQL Injection, Hash Cracking, and actually quite a bit regarding how $PATHs work within Linux. #spoilers

As always please feel free to hack along with me as I write these to be very interactive and “step” driven. #HackTogetherHackHarder

Shhhh… You hear that?

#YouKnowWhatTimeItIs! Time for that Reconnaissance phase. We’ll be setting our cross-hairs on once we are successfully…

Photo by Kevin Horvat on Unsplash

Yo! @PettyHacks back with a simple Linux Privilege Escalation technique to migrate that measly $User shell you have over to #PwnCity with a $Root shell! FYI this is Part 2 to my previous article “Magento Exploitation! — From Customer to Server User Access” so if you are planning on hacking along make sure to check it out!

Now there are TONs of great write-ups and even videos on basic Linux Privilege Escalation so I am not going to go over all of that. …


Magento is a CMS (Content Management System) for E-Commerce websites that is widely used internationally. Even though you may have been unaware of it, I can guarantee you have probably purchased something from a company that uses Magento (such as HP or Zumies). Theoretically if an adversary can gain access to a target’s Magento platform they could then cause irreparable damage to that organizations sales and/or reputation…. and that’s the best case scenario.

With that said anytime a company uses a 3rd party application it opens up many doors for vulnerabilities. In this write up we are going to penetrate…

Steven Petty

I hack to learn! Follow me on Twitter @PettyHacks

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store