DynamoDB & S3 Buckets – Bucket @ HackTheBox
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a webshell to a local S3 bucket and at the end exploit an html to pdf converter.
24Apr
Related Posts
02May
OpenAdmin @ HackTheBox
OpenAdmin is a 20-Point Linux machine on HackTheBox that involves using a public exploit for OpenNetAdmin & abusing a sudo... read more
02Jun
P.O.O. Endgame @ HackTheBox
P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links & Active... read more
18May
Ellingson @ HackTheBox
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a... read more
30Mar
Curling @ HackTheBox
Curling is one of the easier boxes on hackthebox.eu, featuring getting a shell on joomla via template editing, getting a... read more
28Mar
Sniper @ HackTheBox
Sniper is a 30-point machine on HackTheBox that involves abusing a remote file inclusion and uploading a crafted chm file... read more
18Jan
Player @ HackTheBox
Player is a hard box, that we solved in unintended ways that are partly patched now. read more
13Apr
LaCasaDePapel @ HackTheBox
LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates... read more
15May
Ghoul @ HackTheBox
Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure hidden... read more
15Feb
Json @ HackTheBox
Json is a 30-point system on HackTheBox that involves exploiting a .NET deserialization vulnerability and has multiple ways for privilege... read more
21Aug
SQLi, ToC/ToU & Arbitrary File Write – Proper @ HackTheBox
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom... read more