XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
29May
Related Posts
27Feb
Academy @ HackTheBox
Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials &... read more
28Apr
Bastion @ HackTheBox
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network,... read more
21Aug
SQLi, ToC/ToU & Arbitrary File Write – Proper @ HackTheBox
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a... read more
04Apr
Registry @ HackTheBox
Registry is a 40-point machine on HackTheBox that involves interacting with a docker registry to download a docker image... read more
21Nov
Buff @ HackTheBox
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding... read more
28Aug
PHP Zerodium Backdoor & Sudo Knife – Knife @Hack The Box
This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium php backdoor and using "sudo... read more
27Feb
Protected: Dream Diary 3 @ HackTheBox
There is no excerpt because this is a protected post. read more
24Apr
DynamoDB & S3 Buckets – Bucket @ HackTheBox
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a... read more
12Jun
PHP Unserialize & Race Condition – Tenet @ HackTheBox
We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a... read more
10Jun
Smasher 2 @ HackTheBox
Smasher2 is a difficult 50 points machine on hackthebox, involving some guessing to get the user flag (because the... read more