December 2025 - nPm Hacks

Offsec Proving Grounds Walkthrough – Cobbles

By nPm December 29, 2025Docker, Ethical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough

Walkthrough of the machine called "Cobbles" in the OffSec Proving Grounds...don't watch unless you want help getting through the machine. We take advantage of Zoneminder using a python exploit, then use enumeration to figure out the proxy situation. We end up privilege escalating using the exact same exploit by taking…

Offsec Proving Grounds Walkthrough – Jordak

By nPm December 26, 2025Ethical Hacking, Hacking, Linux, Networking, Offsec, Python, Security, Tutorial, Walkthrough

This is a walkthrough of "Jordak" in the OffSec Proving Grounds. In this video we take advantage of the Jorani leave management software and use tools like GTFOBins to privesc. ***SPOILER***Walkthrough of the machine called "Jordak" in the Offsec Proving Grounds...don't watch unless you want help getting through the machine.…

Reusable App Fuzzer for Simple Buffer Overflow Development

By nPm December 25, 2025Coding, Ethical Hacking, Hacking, Linux, Networking, Python, Security, Tutorial

Started doing some buffer overflow exploit development. Hoping to better understand some of the exploits used when doing CTF's and such. Nothing fancy, 32 bit vulnerable apps (on Windows 10) to try and learn about the process. I wrote an app fuzzer in python that is pretty re-usable. Takes IP…

Hack the Box Walkthrough – Bashed

By nPm December 22, 2025Ethical Hacking, Hacking, HTB, Linux, Networking, Python, Security, Tutorial, Walkthrough

This is a walkthrough of the Hack The Box machine called "Bashed". It involves PHP reverse shells, python scripts, sudo exploits, and more. ***SPOILERS*** I show you how to pwn the box, so if you don't want help with it do not watch this video. Hope this helps someone and…

Hack the Box Walkthrough – Nibbles

By nPm December 19, 2025Ethical Hacking, Hacking, HTB, Linux, Networking, Python, Security, Tutorial, Walkthrough

This is a walkthrough of the Hack The Box machine called "Nibbles". It features the use of password guessing, python exploits, and sudo abuse to exploit a Nibbleblog machine . I learned a lot tackling this one, I don't agree with the easy rating (who am I to judge 🤣).…

TryHackMe 2025 Advent of Cyber Day 5 Bonus Question #2

By nPm December 19, 2025Coding, Hacking, Linux, Python, Security, TryHackMe, Tutorial

Well, I guess I vibe code now LOL. Ayman Boumait asked me to look at TryHackMe Advent of Cyber Day 5 challenge. One of the bonus questions asks: "Bonus Task: Want to go even further? Using the /parents/vouchers/claim endpoint, find the voucher that is valid on 20 November 2025. Insider information…

Offsec Proving Grounds Walkthrough – Pathway

By nPm December 16, 2025Ethical Hacking, Hacking, Linux, Networking, Offsec, Security, Tutorial, Walkthrough

This is a walkthrough of OffSec Proving Grounds machine "Pathway". If you have taken TCM Security's Practical Ethical Hacking/PrivEsc training you will know what to do, I used my notes from that training to exploit the machine. We take advantage of S3 bucket information to grab credentials using tools like…

TryHackMe Walkthrough – All in One

By nPm December 12, 2025Ethical Hacking, Hacking, Linux, Networking, Python, Security, TryHackMe, Tutorial, Walkthrough

This is a walkthrough of the TryHackMe machine called "All in One". The machine is a linux box running wordpress and this video features the use of wpscan, python exploits, malicious plugins, and GTFOBins! I learned a lot tackling this one. ***SPOILERS*** I show you how to pwn the box,…

Hack the Box Walkthrough – Paper

By nPm December 11, 2025Ethical Hacking, Hacking, HTB, Linux, Networking, Python, Security, Tutorial, Walkthrough

This is a walkthrough of the Hack The Box machine called "Paper". It features the use of exploits to compromise Wordpress and RocketChat, reverse shells, and for the first time ever for me a polkit vulnerability that actually worked. I learned a lot tackling this one. They are obviously making…

Offsec Proving Grounds Walkthrough – Flink

By nPm December 7, 2025Ethical Hacking, Hacking, java, Linux, Networking, Offsec, Security, Tutorial, Walkthrough

📣🆕This is a brand new machine in the Proving Grounds, there are no walkthroughs! This is a walkthrough of OffSec Proving Grounds machine "Flink". It is rated as Intermediate but it was quite tough because java isn't my thing. We take advantage of Apache Flink by uploading a custom malicious…