Blog • Page 3 of 12 • Vulndev

18SepSeptember 18, 2021

HTTP Request Smuggling & AWS – Sink @ HackTheBox

We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.

By xctCTFaws, hackthebox, http request smuggling, linux, localstack

10SepSeptember 10, 2021

On Disabled Windows Privileges

Why we can shutdown a machine when our user has SeShutdownPrivilege listed as disabled?

By xctWindows Internalsc++, privileges, seshutdown, windows

09SepSeptember 9, 2021

SEH Based Buffer Overflow & DLL Hijacking – UT99 @ PG Practice

We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we'll do that one manually instead of just firing some exploit from exploitdb. Then for root, we will...

By xctCTFbinary exploitation, dll hijacking, pg practice, seh buffer overflow, windows

04SepSeptember 4, 2021

Command Injection, Prototype Pollution & Kubernetes – Unobtainium @ HackTheBox

This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy it through burp to find some credentials, which we can then use on an API endpoint. Combining a command injection & prototype pollution will then lead to a first shell...

By xctCTFcommand injection, electron, hackthebox, kubernetes, linux, prototype pollution

28AugAugust 28, 2021

FTP to Web Shell & SeImpersonate – AuthBy @ PG Practice

AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of a web application and uploading a PHP web shell. For root, we'll exploit the SeImpersonate Privilege with Juicy Potato.

By xctCTFftp, offsec, pg practice, seimpersonate, windows

28AugAugust 28, 2021

PHP Zerodium Backdoor & Sudo Knife – Knife @Hack The Box

This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium php backdoor and using "sudo knife" to become root.

By xctCTFbackdoor, hackthebox, knife, php

21AugAugust 21, 2021

SQLi, ToC/ToU & Arbitrary File Write – Proper @ HackTheBox

We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom SQL-Injection and a Remote-File-Inclusion that is quite tricky to exploit. Root is about a custom service binary running as SYSTEM and requires some light golang reversing and knowledge about windows...

By xctCTFarbitrary file write, golang, hackthebox, reversing, rfi, sql injection, toctou

14AugAugust 14, 2021

DNS Rebinding, XSS & 2FA SSH – Crossfit2 @ HackTheBox

We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox.

By xctCTF2fa, dns rebinding, hackthebox, node, openbsd, sql injection, xss, yubikey

31JulJuly 31, 2021

JWT & Docker CVE – TheNotebook @ HackTheBox

We are solving TheNotebook, a 30-point Machine on HackTheBox where we'll modify a JWT Token, upload a PHP-Webshell and use a Docker CVE to escalate privileges.

By xctCTFdocker, hackthebox, jwt, php

24JulJuly 24, 2021

Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox

We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting "sudo snap install *".

By xctCTFdrupal, hackthebox, linux, snap