HTTP Request Smuggling & AWS – Sink @ HackTheBox
We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.
We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.
Why we can shutdown a machine when our user has SeShutdownPrivilege listed as disabled?
We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an SEH based buffer overflow. And to make it a bit more fun we'll do that one manually instead of just firing some exploit from exploitdb. Then for root, we will...
This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy it through burp to find some credentials, which we can then use on an API endpoint. Combining a command injection & prototype pollution will then lead to a first shell...
AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of a web application and uploading a PHP web shell. For root, we'll exploit the SeImpersonate Privilege with Juicy Potato.
This video is about Knife, a 20-point machine on HackTheBox that involves the zerodium php backdoor and using "sudo knife" to become root.
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom SQL-Injection and a Remote-File-Inclusion that is quite tricky to exploit. Root is about a custom service binary running as SYSTEM and requires some light golang reversing and knowledge about windows...
We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox.
We are solving TheNotebook, a 30-point Machine on HackTheBox where we'll modify a JWT Token, upload a PHP-Webshell and use a Docker CVE to escalate privileges.
We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting "sudo snap install *".