We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :)... read more
Solving Luanne on HackTheBox. This is an easy 20-point machine involving a simple command injection and some password cracking. read more
OpenAdmin is a 20-Point Linux machine on HackTheBox that involves using a public exploit for OpenNetAdmin & abusing a sudo... read more
We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python... read more
Arkham was a surprisingly hard box for the 30 points that were awarded for it, as I was struggling quite... read more
Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document... read more
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag.... read more
There is no excerpt because this is a protected post. read more
We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack. read more
In this post I will give a quick walkthrough on Giddy from hackthebox.eu. The machine involves (automated) sql injection, stealing... read more
