Exploiting GitLab 11.4.7 & Escaping a Privileged Docker Container – Ready @ HackTheBox
xct, 2021-06-28T13:38:37+00:00
We are going to solve Ready, a 30-point machine on HackTheBox. For user, we exploit the "Import Repo by URL" feature in GitLab to SSRF into Redis and add a background job, which then gives us a reverse shell. For root, we can mount the host filesystem into our privileged...
Angr & Basic Binary Exploitation – Binary Heaven @ TryHackMe
xct, 2021-06-28T13:40:20+00:00
We are going to solve "Binary Heaven", a room on TryHackMe. It starts with some light reversing and debugging, and then we exploit a simple stack overflow followed by path hijacking for root.
Vim RCE & OpenBSD Binary Exploitation – Attended @ HackTheBox
xct, 2021-06-28T13:42:40+00:00
We will solve Attended, a 50-point machine on HackTheBox. For user, we will be sending some emails back and forth and then append a payload that exploits a Vim RCE, followed by adding a malicious SSH config. For root, we will exploit a custom OpenBSD binary that is used as...
.NET Remoting & WCF – Sharp @ HackTheBox
xct, 2021-06-28T13:52:26+00:00
We will solve Sharp, a 40-point machine on HackTheBox that is all about C# & .NET. For user, we exploit a deserialization vulnerability in a .NET Remoting service, and for root, WCF.
Year of the Jellyfish @ TryHackMe
xct, 2021-06-28T13:46:53+00:00
In this video, we are going to solve Jellyfish, a medium difficulty box from TryHackMe, which involves exploiting a PHP web app called Monitorr and using dirty_sock for root.
DynamoDB & S3 Buckets – Bucket @ HackTheBox
xct, 2021-06-28T13:50:28+00:00
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a webshell to a local S3 bucket, and at the end exploit an HTML-to-PDF converter.