SnakeYAML, Go & WebAssembly – Ophiuchi @ HackTheBox
xct2021-07-03T15:03:30+00:00We are going to solve Ophiuchi a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom program we can execute with sudo, which loads a web assembly file and executes a shell script without using the absolute path.
WordPress & Initctl on ChromeOS – Spectra @ HackTheBox
xct2021-06-26T16:19:37+00:00My video about Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to upload a malicious plugin via Metasploit and get a shell. For root, we replace a file that is executed if we run sudo initctl.
Squidception, OpenSMTPD & Kerberos – Tentacle @ HackTheBox
xct2021-06-28T13:06:01+00:00We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑 (🦑 )), exploiting OpenSMTPD and some Kerberos.
PHP Unserialize & Race Condition – Tenet @ HackTheBox
xct2021-06-28T13:06:12+00:00We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race condition.
XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
xct2021-06-28T13:36:00+00:00We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
Getting Access through the Helpdesk – Delivery @ HackTheBox
xct2021-06-28T13:35:25+00:00We are going to solve Delivery, a 20-point machine on HackTheBox. For user, we will bypass email verification on a local Mattermost instance by opening a helpdesk ticket and using its temporary email address to register. For root we will use su-crack to bruteforce the root password based on a...