[~]$ whoami

Cyber-Security Researcher and Developer having interests in Application-Security, *nix based Systems, Android, Reverse Engineering and Programming; loves Command Line, FOSS. Read more…


HackTheBox - Escape

Escape is a medium-difficulty Windows machine on Hack The Box that revolves around Active Directory. The initial foothold is gained by finding credentials in a PDF file on an open SMB share. This access is then leveraged to connect to an MSSQL service, from which we capture and crack the NTLM hash of a service account. Lateral movement is achieved by discovering another user’s credentials in a log file. Finally, privilege escalation to Administrator is accomplished by exploiting a misconfiguration in Active Directory Certificate Services (ADCS), specifically the ESC1 vulnerability.

July 6, 2025 · 12 min · Aditya Telange

HackTheBox - Resolute

Resolute is a medium-difficulty Windows machine on HackTheBox that involves a realistic Active Directory penetration test. The initial foothold is gained by enumerating domain users via a null SMB session and discovering a default password in a user’s description, which is then reused to gain access as another user via WinRM. Lateral movement is achieved by discovering cleartext credentials for a more privileged user within PowerShell transcripts. Finally, privilege escalation to SYSTEM is accomplished by abusing the permissions of the DnsAdmins group to load a malicious DLL.

June 29, 2025 · 12 min · Aditya Telange

HackTheBox - Certified

Certified is a Windows machine having misconfigured ACL in Active Directory environment where initial access for a low-privileged user judith.mader is provided. Exploitation of the Active Directory Certificate Service (ADCS) is required to get access to the management_svc, ca_operator and Administrator account by abusing shadow credentials and ESC9.

March 20, 2025 · 17 min · Aditya Telange

State of VMWare Workstation (Pro?) on Linux

VMWare Workstation is a popular virtualization software that was recently made available for free personal use after VMWare was acquired by Broadcom. This is an excellent move by Broadcom, as it will help many users to utilize this software for free for personal use and learning purposes. I have been using VMWare Workstation on Linux for a while now and I have to say that it is a great piece of software. It is very easy to use, is extremely fast, and has a lot of features that make it a great choice for virtualization on Linux. ...

June 24, 2024 · 4 min · Aditya Telange

Android App Security Testing Lab with MobSleuth

Setting up a virtual lab for Android App security assessments.

June 16, 2024 · 3 min · Aditya Telange

Android phone as a Webcam on Linux

Learn how to set up a virtual webcam on Linux using your Android device’s cameras using scrcpy.

February 17, 2024 · 3 min · Aditya Telange

Breaking down Reverse shell commands

In pentesting assessments and CTFs we always need reverse shells to execute commands on target machine once we have exploited a system and have a command injection at some point in our engagement. For that we have an awesome project: revshells.com or reverse-shell-generator where we have a ton of reverse shell payloads listed. This blog post tries to explain their working. Note: I’ll be breaking down all of them, but not all at once. If you have any comments/feedback let me know in the comments section. ...

May 7, 2023 · 5 min · Aditya Telange

HackTheBox - Photobomb

Photobomb is a fun box on Hackthebox where we initially get hardcoded credentials in a Javascript file, which we can use to authenticate with basic auth to access the image resizing tool, which has command injection leading to us getting a reverse shell. After getting initial access as user wizard, we see a cleanup.sh script which can be run as root. We then abuse the redirection operator > clobbering the /etc/passwd file to escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange

Merging AOSP Security Patches into Custom ROMs

Learn how Android Custom ROM developers merge AOSP security patches.

January 28, 2023 · 3 min · Aditya Telange

Primer on HTTP Security Headers

What are HTTP headers? HTTP headers are a list of key-value pairs which are sent along with HTTP requests and responses. Let us take an example with below request(left) and response(right): In the above snapshot, we can see that we have an HTTP request being sent to Host. Along with that request/response, we see Key:Value pairs, these are HTTP Headers. These look similar to YAML format. ...

December 4, 2022 · 10 min · Aditya Telange

Image Zoom-In effect with HUGO

In this blog post we will look into how we can add a Zoom-In effect for better visibility. We will be using Markdown Render Hooks from Hugo with HTML & CSS, implementing a non-javascript solution. View the outcome 👇 About Markdown Render Hooks Hugo offers really handy Markdown Render Hooks. These allow custom templates to override markdown rendering functionality. We will be using render-image hook to process out the images in the post as per our needs. The render-image hook stays in the location shown below. ...

September 10, 2022 · 3 min · Aditya Telange

HackTheBox - Legacy

Legacy is a relatively easy box which has SMB running on Windows XP(2000) OS. We find the exploit with metasploit and get access to priviledged user NT AUTHORITY\SYSTEM directly.

June 3, 2022 · 4 min · Aditya Telange

HackTheBox - Lame

Lame is the 1st box on HackTheBox which requires only one exploit in Samba to obtain root access. We also explore other ways during we reach to superuser’s shell.

June 3, 2022 · 3 min · Aditya Telange

HackTheBox - Horizontall

Horizontall is a fun box which has an API, vulnerable to Improper Access Control and RCE. The box is running a laravel service which is vulnerable to RCE which lets us run commanad as root.

February 5, 2022 · 7 min · Aditya Telange

HackTheBox - Forge

Box Info Name: Forge OS: Linux Difficulty: Medium IP: 10.10.11.111 Points: 30 Machine Creator: NoobHacker9999 Introduction Forge is a fun box on Hackthebox that has a File Upload functionality which is vulnerable to SSRF. This exposes the internal Admin panel and lets us read files with internal FTP service, which includes SSH key pair of the user. Listing the available commands we can run as a superuser, we have a python script which opens a socket connection. This calls PDB with an exception occurs, with which we get a shell as root. ...

January 22, 2022 · 5 min · Aditya Telange

HackTheBox - Previse

Previse is a fun Linux box on HackTheBox that has insecure redirect implementation which leaks information on the page. This can then be used to create a new user in the application and get access to backup.zip of it. Backup revels that there is a command injection vulnerability present in the logs fetching feature, which gets us a basic shell. We have a MySQL server running inside the box which has reused credenrials from the backup.zip. We get hashed/salted credentials inside this database and crack it by writing a custom PHP script. We again have a username and password reuse for a SSH user, which gives us a user shell. Listing sudo privilegs we get to know there is a script which we can run as root, that does not mention absolute $PATH for a command being used. Thus can be overriden by $PATH variable set by current USER.

January 8, 2022 · 10 min · Aditya Telange

HackTheBox - BountyHunter

BountyHunter is a fun Linux box on HackTheBox that has XXE injection on a PHP form, which exposes DB credentials. This DB credential is reused as a password for a user on the box. The box also has an internal python3 script which could be run as elevated privileges. This script uses eval by which we get command injection, which leads to superuser access to this box.

November 20, 2021 · 7 min · Aditya Telange

HackTheBox - Explore

Explore is a fun Android box that has an Open Port Vulnerability because of a popular file manager application. This box also has ADB over TCP/IP open over port 5555 which leads to obtaining root privileges.

October 30, 2021 · 4 min · Aditya Telange

HackTheBox - Cap

Cap is a fun box where we find a flask web app which lets us download network log, where we find FTP and SSH credentials for user nathan. The box has python which has capability to set UIDs, which lets us access roots shell, when UID is set to 0.

October 2, 2021 · 4 min · Aditya Telange

HackTheBox - Pit

Pit is a fun box where SNMP Data reveals that seeddms instance is running, which is vulnerable to RCE. The box has CentOS’s Cockpit Web Console on port 9090, which uses reused password from DB credentials. This gives access to user shell. LinPeas reveals there is a monitoring service, which runs bash scripts in a particular directory. Chaining this with SNMPwalk gives us root.

September 25, 2021 · 6 min · Aditya Telange

HackTheBox - Knife

Knife is a fun box which uses a PHP version having backdoor, which leads to RCE. The box has a command named knife which lets non-superusers run commanad as root.

August 28, 2021 · 2 min · Aditya Telange

HackTheBox - Love

Love is a fun box where we find a hidden subdomain that helps us retrieve Forbidden pages, where admin credentials are leaked of another service. The access to the admin dashboard has a file upload, through which we get a reverse shell. The box then has AlwaysInstallElevated that allows a regular user to install a Microsoft Windows Installer Package (MSI) with system privileges, which helps us get the Administrator access.

August 7, 2021 · 5 min · Aditya Telange

HackTheBox - Tenet

Tenet is a fun box where we find a backup of a staging PHP file which loads external code via deserialization, which leads to code-execution and a reverse shell. This leads to access to a script which the non-sudoer user can run to add ssh-key for getting root shell.

June 12, 2021 · 6 min · Aditya Telange

HackTheBox - Ready

Ready is a fun box which is using an outdated GitLab community version. Which apparently has an exploit which gives RCE to authenticated users. This RCE gives access to docker container in which gitlab instance is running, and we have to breakout the container to escalate our privilages to get own root!

May 15, 2021 · 4 min · Aditya Telange

Watermarking images with HUGO

Introduction Watermarking is the process of superimposing a logo or piece of text atop a document or image file, and it’s an important process when it comes to both the copyright protection and marketing of digital works.1 Adding a watermark to our work ensures that if anything we make ends up going viral, our brand is recognized. Watermarking also ensures that people do not use these images without referring to the “original publisher”. ...

April 24, 2021 · 6 min · Aditya Telange

My Github Project went viral!

On 13th Feb 2021 PaperMod went viral !!! 🤯 Hugo-PaperMod is a side-project of mine, which is a Hugo Theme. I started modifying/optimizing this initially for my personal website but later decided to post it publicly on Hugo Themes. It is a modded version of Theme Paper. For a brief overview, PaperMod is a blazing fast, clean and responsive theme with powerful SEO, and good documentation. And this on which this website is also themed upon 😉 ...

February 16, 2021 · 2 min · Aditya Telange

CAF's Android for MSM

The Introduction to what CAF is w.r.t AOSP development

November 2, 2020 · 2 min · Aditya Telange

Basic Website Analytics with Vercel

Using Vercel’s Built-in HTTP Headers to get Usage Analytics with help of Serverless API

October 1, 2020 · 5 min · Aditya Telange

Github Actions as Temporary File Sharing Platform

Using Github’s workflow actions to set-up a High Speed Temporary File Sharing Platform

September 26, 2020 · 3 min · Aditya Telange

Prebuilt apk in Build | AOSP Rom Development

Sometimes we need to add some pre-built apk in our build because the source isn’t available or it is more easy to just pull the binaries from, and add it to our build.This post says how to do it.

June 14, 2020 · 2 min · Aditya Telange

External Link With target='_blank' in Hugo Markdown

Intro Many a times we need to open some External Link in New Tab for the convenience of the Visitor . In Hugo there is no default method for this. All we have in Hugo is relref for Internal sites. :/ Implementaion Hugo offers a way to render using a predefined template to Markdown(.md) with the help of Shortcodes. We can create such a shortcode for *Creating an Exeternal link with with target='_blank'. ...

June 3, 2020 · 1 min · Aditya Telange

Setting Up Build Environment | AOSP Rom Development

AOSP requires some dependencies and libraries in-order to build properly. This post explains how to set that up

April 17, 2020 · 3 min · Aditya Telange

Getting Started | AOSP Rom Development

The Introduction to what AOSP is

April 13, 2020 · 3 min · Aditya Telange

Using Secure HTTP Headers with Vercel/Zeit

About Secure HTTP Headers with a guide to adding it to Vercel/Zeit deployments

January 7, 2020 · 3 min · Aditya Telange
This site uses cookies to improve your experience on our website. By using and continuing to navigate this website, you accept this. More details in Privacy Statement.