XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
Mango is a 30-point linux machine on hackthebox that involves a NoSQL-Injection which allows to obtain user passwords from a... read more
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag.... read more
Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and... read more
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :)... read more
Sauna is a 20-point Windows Machine on HackTheBox. For user, we bruteforce usernames and then use ASREP-Roasting to obtain the... read more
We are going to solve Ophiuchi a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom... read more
Heist is an "easy" machine on hackthebox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). read more
Arkham was a surprisingly hard box for the 30 points that were awarded for it, as I was struggling quite... read more
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving... read more
Bankrobber is a 50-point machine on hackthebox that involves exploiting a cross site scripting vulnerability to gain access to an... read more