XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
29May
Related Posts
30Mar
Curling @ HackTheBox
Curling is one of the easier boxes on hackthebox.eu, featuring getting a shell on joomla via template editing, getting... read more
27Nov
Password Spraying, gMSA, ADIDNS & Constrained Delegation – Intelligence @ HackTheBox
We are solving intelligence, a nice windows machine on HackTheBox, created by Micah. For user, we will enumerate pdfs... read more
28Mar
Helpline @ HackThebox
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on... read more
15May
Ghoul @ HackTheBox
Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure... read more
15Feb
Json @ HackTheBox
Json is a 30-point system on HackTheBox that involves exploiting a .NET deserialization vulnerability and has multiple ways for... read more
09Sep
SEH Based Buffer Overflow & DLL Hijacking – UT99 @ PG Practice
We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit... read more
21Aug
SQLi, ToC/ToU & Arbitrary File Write – Proper @ HackTheBox
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a... read more
28Mar
Passage @ HackTheBox
Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and... read more
18May
Ellingson @ HackTheBox
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking... read more
13Apr
RedCross @ HackTheBox
Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I... read more