Crossfit @ HackTheBox
Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some light reversing.
20Mar
Related Posts
17Aug
Heist @ HackTheBox
Heist is an "easy" machine on hackthebox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). read more
28Aug
PHP Zerodium Backdoor & Sudo Knife – Knife @Hack The Box
This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium php backdoor and using "sudo... read more
09May
Obscurity @ HackTheBox
Obscurity is a 30-point Linux machine on HackTheBox that involves exploiting a command injection in a custom webserver, breaking... read more
10Jun
Smasher 2 @ HackTheBox
Smasher2 is a difficult 50 points machine on hackthebox, involving some guessing to get the user flag (because the... read more
24Jul
Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox
We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking... read more
29May
XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability... read more
18May
Ellingson @ HackTheBox
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking... read more
22Feb
Zipper @ HackTheBox
This post is a walkthrough of Zipper, an interesting machine on hackthebox.eu featuring the zabbix network monitoring application. It... read more
24Apr
DynamoDB & S3 Buckets – Bucket @ HackTheBox
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a... read more
22Feb
Zetta @ HackTheBox
Zetta is 40-point machine on hackthebox. We will get the ipv6 address of the box via ftp, use rsync... read more