XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
29May
Related Posts
10Apr
APT @ HackTheBox
APT is a 50-point machine on HackTheBox which involves getting the IPv6 Address via MS-RPC, credential spraying, and reading... read more
27Feb
Protected: Dream Diary 3 @ HackTheBox
There is no excerpt because this is a protected post. read more
11Apr
Traverxec @ HackTheBox
Traverxec is a 20-point machine on hackthebox that involves using a public exploit on the nostromo webserver, cracking the... read more
02Jun
P.O.O. Endgame @ HackTheBox
P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links &... read more
13Jun
Monteverde @ HackTheBox
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user... read more
10Jul
Electron-Updater RCE – Atom @ HackTheBox
We are going to solve Atom, a 30-point machine on HackTheBox where we'll analyze an electron app and exploit... read more
28Mar
Passage @ HackTheBox
Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and... read more
10Jun
Writeup @ HackTheBox
Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit... read more
30Jun
Haystack @ HackTheBox
Haystack is a 20 points machine on hackthebox, which in my opinion is not as easy as one might... read more
28Mar
Helpline @ HackThebox
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on... read more