DNS Rebinding, XSS & 2FA SSH - Crossfit2 @ HackTheBox
We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox. Notes Websocket Proxy Author: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html from ht...
We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox. Notes Websocket Proxy Author: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html from ht...
We are solving TheNotebook, a 30-point Machine on HackTheBox where we’ll modify a JWT Token, upload a PHP-Webshell and use a Docker CVE to escalate privileges.
We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting “sudo sna...
We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source code, forge a session cookie & upload a PHP shell. Root involves dumping sti...
We are going to solve Atom, a 30-point machine on HackTheBox where we’ll analyze an electron app and exploit its updater. For root we will enumerate the running Redis instance, find an encrypted ka...
We are going to solve Ophiuchi a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom program we can execute with sudo, which loads a web assembly file and executes...
My video about Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to upload a malicious plugin via Metasploit and get a shell. For root, we replac...
We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑 (🦑 )), exploiting OpenSMTPD and some Kerberos.
We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race condition.
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.