Year of the Jellyfish @ TryHackMe
In this video, we are going to solve Jellyfish, a medium difficulty box from TryHackMe, which involves exploiting a PHP web app called Monitor and using dirty_sock for root.
In this video, we are going to solve Jellyfish, a medium difficulty box from TryHackMe, which involves exploiting a PHP web app called Monitor and using dirty_sock for root.
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a webshell to a local S3 bucket and at the end exploit an html to pdf converter.
We are going to solve Laboratory, which is an easy linux machine on HackTheBox with a CVE on Gitlab for user and path hijacking on a setuid binary for root.
APT is a 50-point machine on HackTheBox which involves getting the IPv6 Address via MS-RPC, credential spraying, and reading the boxes registry remotely. For root, we force authentication of the bo...
Time is a 30-point machine on HackTheBox that involves using a public exploit for a CVE and overwriting a shell script that is periodically run by root.
Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one for the USBCreator D-Bus interface.
Solving Luanne on HackTheBox. This is an easy 20-point machine involving a simple command injection and some password cracking.
Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some light reversing.
Solving Reel2 on HackTheBox. This is a 40 point box involving Spraying, Phishing, Sticky Notes and JEA.
Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo composer.