We are solving Anubis, a 50-point windows machine on HackTheBox which involves an ASP template injection, windows containers, and stealing hashes with Responder. Later we'll escalate privileges using noPAC.
We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python debugger.
We are going to solve Developer, a pretty hard Linux machine on HackTheBox. It involves Cross-Site-Scripting, Tab Nabbing & reversing a rust binary.
I always had difficulties understanding what Silver Tickets are and how they are used. Maybe this comes from the fact that they are rarely seen in labs. They can be really powerful though, so I'll be trying my best to describe my understanding of them in this post.
We are solving Previse, an easy linux machine on HackTheBox that involves a Command Injection & Path Hijacking.
On December 10th 2021 the Log4Shell vulnerability, a "0-day" exploit in log4j2 appeared on Twitter. In this post, we will explore how to exploit it with LDAP in a lab environment.
We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes. For root, we will abuse GPO Permissions and explore 2 unintended privilege escalations.