https://gladigator.github.io/A minimal, responsive and feature-rich Jekyll theme for technical writing. 2026-02-09T07:46:00+00:00 Gladigator https://gladigator.github.io/ Jekyll © 2026 Gladigator /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-02-07T03:30:00+00:00 2026-02-09T07:45:16+00:00 https://gladigator.github.io/posts/backend-walkthrough/ Gladigator

Backend is a medium-difficulty Linux machine from HackTheBox that teaches you how to exploit API vulnerabilities. The box doesn’t have a traditional website frontend, just a backend API. We’ll fuzz API endpoints, manipulate JWT tokens, abuse debug features and escalate to root by finding credentials in log files. Initial Enumeration Started with a basic nmap scan to see what’s open: nmap -p-...

2026-01-28T01:00:00+00:00 2026-01-28T01:00:00+00:00 https://gladigator.github.io/posts/jarvis-htb-walkthrough/ Gladigator

Jarvis is a medium-difficulty Linux machine from HackTheBox. We’ll exploit SQL injection to get a foothold, use command injection for lateral movement and leverage a misconfigured SUID binary to get root. Initial Recon Started with a port scan to see what’s open: nmap -p- --min-rate=1000 -T4 10.129.229.137 Found three open ports: 22 (SSH), 80 (HTTP) and 64999 (HTTP). Let’s get more details...

2026-01-10T23:30:00+00:00 2026-01-12T09:09:55+00:00 https://gladigator.github.io/posts/intelligence-htb-walkthrough/ Gladigator

Intelligence is a medium-difficulty Windows machine from HackTheBox that focuses on Active Directory exploitation. This box teaches you about PDF metadata analysis, password spraying, ADIDNS poisoning, GMSA password dumping and constrained delegation abuse. Initial Enumeration I started with a quick port scan to see what services were running on the target. nmap -p- --min-rate=1000 -T4 10.12...

2026-01-10T02:30:00+00:00 2026-01-11T06:37:21+00:00 https://gladigator.github.io/posts/resolute-htb/ Gladigator

Machine Info Difficulty: Medium OS: Windows IP: 10.129.96.155 Domain: megabank.local TL;DR Found default credentials in LDAP description field, sprayed the password across domain users to gain initial access. Discovered PowerShell transcript logs containing credentials for lateral movement. Exploited DnsAdmins group membership to load a malicious DLL and achieve SYSTEM privileges. Reconna...

2026-01-09T04:30:00+00:00 2026-01-10T09:59:25+00:00 https://gladigator.github.io/posts/blackfield-htb-walkthrough/ Gladigator

Machine Info Difficulty: Hard OS: Windows IP: 10.129.229.17 Domain: BLACKFIELD.local Initial Recon Started with a full port scan to see what services were running: nmap -p- --min-rate=1000 -T4 10.129.229.17 -oN nmap_scan.txt Found several interesting ports: Port 53 (DNS) Port 88 (Kerberos) Port 389 (LDAP) Port 445 (SMB) Port 5985 (WinRM) This told me I was dealing with a Do...