JWT & Docker CVE – TheNotebook @ HackTheBox
We are solving TheNotebook, a 30-point Machine on HackTheBox where we’ll modify a JWT Token, upload a PHP-Webshell and use a Docker CVE to escalate privileges.
31Jul
Related Posts
14Mar
Postman @ HackTheBox
Postman is a 20-point machine on hackthebox, that involves using redis to write an ssh key to disk, cracking the... read more
28Mar
Passage @ HackTheBox
Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one... read more
04Jul
ForwardSlash @ HackTheBox
ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse... read more
27Aug
Resource-Based Constrained Delegation – Resourced @ PG-Practice
Video & additional notes for Resourced, an intermediate difficulty Windows machine on PG-Practice that involves password spraying and an RBCD... read more
10Jun
Protected: Rastalabs Prolab @ HackTheBox
There is no excerpt because this is a protected post. read more
28Dec
InfernoCTF Weakened Keys
"Weakened Keys" was an interesting crypto challenge on InfernoCTF. read more
28Aug
FTP to Web Shell & SeImpersonate – AuthBy @ PG Practice
AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of... read more
25Jan
AI @ HackTheBox
AI is a 30 point machine on hackthebox that involves SQL injection via speech and abusing an exposed java debugging... read more
16May
Patents @ HackTheBox
Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document... read more
24Apr
DynamoDB & S3 Buckets – Bucket @ HackTheBox
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a webshell... read more