Tag - rfi

SQLi, ToC/ToU & Arbitrary File Write – Proper @ HackTheBox

We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom SQL-Injection and a Remote-File-Inclusion that is quite tricky to exploit. Root is about a custom service binary running as SYSTEM and requires some light golang reversing and knowledge about windows...