PHP Unserialize & Race Condition – Tenet @ HackTheBox

Sniper is a 30-point machine on HackTheBox that involves abusing a remote file inclusion and uploading a crafted chm file... read more

LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates... read more

Postman is a 20-point machine on hackthebox, that involves using redis to write an ssh key to disk, cracking the... read more

We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing... read more

We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes.... read more

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python... read more

Baby is an easy machine on Vulnlab that involves enumerating LDAP & spraying credentials. For SYSTEM we exploit SeBackup &... read more

We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑... read more

We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an... read more

Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo... read more