DNS Rebinding, XSS & 2FA SSH – Crossfit2 @ HackTheBox
We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox.
14Aug
31Jul
JWT & Docker CVE – TheNotebook @ HackTheBox
We are solving TheNotebook, a 30-point Machine on HackTheBox where we'll modify a JWT Token, upload a PHP-Webshell and use a Docker CVE to escalate privileges.
24Jul
Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox
We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting "sudo snap install *".
17Jul
LFI to RCE, Sticky Notes & SQLi – Breadcrumbs @ HackTheBox
We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source code, forge a session cookie & upload a PHP shell. Root involves dumping sticky notes content & exploiting a SQL injection.
10Jul
Electron-Updater RCE – Atom @ HackTheBox
We are going to solve Atom, a 30-point machine on HackTheBox where we'll analyze an electron app and exploit its updater. For root we will enumerate the running Redis instance, find an encrypted kanban password and then decrypt it.
03Jul
SnakeYAML, Go & WebAssembly – Ophiuchi @ HackTheBox
We are going to solve Ophiuchi a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom program we can execute with sudo, which loads a web assembly file and executes a shell script without using the absolute path.
26Jun
WordPress & Initctl on ChromeOS – Spectra @ HackTheBox
My video about Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to upload a malicious plugin via Metasploit and get a shell. For root, we replace a file that is executed if we run sudo initctl.
19Jun
Squidception, OpenSMTPD & Kerberos – Tentacle @ HackTheBox
We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑 (🦑 )), exploiting OpenSMTPD and some Kerberos.
12Jun
PHP Unserialize & Race Condition – Tenet @ HackTheBox
We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race condition.
29May
XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.