Tag - command injection

Hackback @ HackTheBox

This post is about hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used on this box are javascript deobfuscation, command injection, tunneling traffic through aspx and a lot of custom exploitation, in addition to a recent windows 10 exploitation technique involving DCOM.

Read more...

Ethereal @ HackTheBox

Ethereal is a machine on hackthebox.eu that awards 50 points, the highest possible score/difficulty and requires some really fun techniques, teaching me several new things along the way. It features extracting files from a disk image, password guessing, blind command injection, openssl reverse shells, msi backdooring & signing of...

Read more...