• Home
  • Blog
  • CTF
  • XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox

XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox

Related Posts

20Jul

Craft @ HackTheBox

Craft is a medium difficulty box. read more

04Sep

Command Injection, Prototype Pollution & Kubernetes – Unobtainium @ HackTheBox

This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy... read more

16Feb

Giddy @ HackTheBox

In this post I will give a quick walkthrough on Giddy from hackthebox.eu. The machine involves (automated) sql injection, stealing... read more

16May

Patents @ HackTheBox

Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document... read more

25May

Luke @ HackTheBox

Luke is a rather short, easy machine on hackthebox, which was nonetheless fun to solve and our team got both... read more

22Feb

Zipper @ HackTheBox

This post is a walkthrough of Zipper, an interesting machine on hackthebox.eu featuring the zabbix network monitoring application. It involves... read more

24Jul

Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox

We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a... read more

25Jan

AI @ HackTheBox

AI is a 30 point machine on hackthebox that involves SQL injection via speech and abusing an exposed java debugging... read more

05Dec

Stealing Hashes with Responder, GPO Permissions & Unintended Ways – Vault @ PG Practice

We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes.... read more

10Jul

Electron-Updater RCE – Atom @ HackTheBox

We are going to solve Atom, a 30-point machine on HackTheBox where we'll analyze an electron app and exploit its... read more