nmap enumeration, burp interception, root compromise
DevArea
Enumeration, Java analysis, proxy testing, and pivoting
Worked through Nmap enumeration, anonymous FTP discovery, file download and analysis, Java .class decompilation, devarea.htb host mapping, Hoverfly dashboard review on port 8888, proxy behavior testing on port 8500, SOAP/WSDL endpoint analysis on port 8080, Burp Suite interception, submitReport investigation, internal pivoting logic, systemd service review, environment file analysis, and root compromise.
View DevArea writeup
api header testing, response mapping, xxe-style payloads
Interpreter
API behavior and endpoint testing
Tested API endpoints requiring X-Requested-With: OpenAPI, mapped 400/401/404/405 responses, identified Jetty and GlassFish Jersey behavior, and tested XML/XXE-style payloads and endpoint behavior.
View writeup
sql injection, auth bypass, owasp top 10
Appointment
SQL injection and authentication bypass practice
Practiced SQL injection, learned OWASP Top 10 classification, and worked through authentication bypass logic as part of offensive security fundamentals.
View Appointment writeup
ftp enumeration, web discovery, service review
Crocodile
Enumeration and beginner-friendly service analysis
Added as part of the Hack The Box writeup portfolio to document enumeration flow, command usage, observations, and key lessons learned.
View Crocodile writeup