Home • Vulndev

16OctOctober 16, 2021

Dynamic DNS & Command Injection – Dynstr @ HackTheBox

We are solving Dynstr, a 30-point Linux machine on HackTheBox that involves a Dynamic DNS Service & a Command Injection.

By xctCTFcommand injection, dynamic dns, hackthebox, linux, wildcard

09OctOctober 9, 2021

SSRF into Responder, gMSA Password & SeRestorePrivilege – Heist @ PG Practice

We are solving Heist from PG Practice. Heist is a really cool Windows machine that involves stealing a hash, reading a gMSA password & exploiting the SeRestorePrivilege.

By xctCTFgmsa password, pg practice, privileges, responder, ssrf, windows

25SepSeptember 25, 2021

SEH Based Buffer Overflow with Space Limitations – Kevin @ PG Practice

We are solving Kevin, an easy-rated Windows machine on PG Practice that involves a SEH Based Buffer Overflow.

By xctCTFbinary exploitation, pg practice, seh buffer overflow

18SepSeptember 18, 2021

HTTP Request Smuggling & AWS – Sink @ HackTheBox

We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.

By xctCTFaws, hackthebox, http request smuggling, linux, localstack

10SepSeptember 10, 2021

On Disabled Windows Privileges

Why we can shutdown a machine when our user has SeShutdownPrivilege listed as disabled?

By xctWindows Internalsc++, privileges, seshutdown, windows

09SepSeptember 9, 2021

SEH Based Buffer Overflow & DLL Hijacking – UT99 @ PG Practice

We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we'll do that one manually instead of just firing some exploit from exploitdb. Then for root, we...

By xctCTFbinary exploitation, dll hijacking, pg practice, seh buffer overflow, windows