rce

  • 12th January 2026

Boardlight writeup

writeupshack-the-boxlinuxcverceprivilege-escalation

Boardlight is a Linux box featuring a Dolibarr CMS instance vulnerable to CVE‑2023‑30253, leading to remote code execution. We will exploit this vulnerability, reuse extracted credentials to gain user access, and escalate privileges via an outdated binary vulnerable to CVE‑2022‑37706.

Read more 
  • 18th December 2025

TheFrizz writeup

writeupshack-the-boxrcehash-crackingkerberosactive-directorycve

TheFrizz is a hybrid box that combines web exploitation, database credential extraction, and Active Directory lateral movement. We will exploit a Gibbon CMS RCE (CVE‑2023‑45878), extract and crack hashes, use Kerberos authentication, and abuse Group Policy Objects (GPO) for privilege escalation.

Read more