HTTP Request Smuggling & AWS – Sink @ HackTheBox
xct, 2021-09-18T13:24:24+00:00
We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.
On Disabled Windows Privileges
xct, 2021-09-10T07:10:16+00:00
Why can we shut down a machine when our user has SeShutdownPrivilege listed as disabled?
SEH Based Buffer Overflow & DLL Hijacking – UT99 @ PG Practice
xct, 2021-09-09T08:58:00+00:00
We are solving UT99, an intermediate Windows box on PG Practice. On this box, we are going to exploit an SEH-based buffer overflow. And to make it a bit more fun, we'll do that one manually instead of just firing some exploit from exploitdb. Then for root, we will...
Command Injection, Prototype Pollution & Kubernetes – Unobtainium @ HackTheBox
xct, 2021-09-04T13:16:26+00:00
This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an Electron app and proxy it through Burp to find some credentials, which we can then use on an API endpoint. Combining a command injection & prototype pollution will then lead to a first shell...
FTP to Web Shell & SeImpersonate – AuthBy @ PG Practice
xct, 2021-08-28T14:28:35+00:00
AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of a web application and uploading a PHP web shell. For root, we'll exploit the SeImpersonate Privilege with Juicy Potato.
PHP Zerodium Backdoor & Sudo Knife – Knife @ Hack The Box
xct, 2021-08-28T14:25:54+00:00
This video is about Knife, a 20-point machine on HackTheBox that involves the Zerodium PHP backdoor and using "sudo knife" to become root.