linux Archives • Vulndev

22JanJanuary 22, 2022

SSRF & Python Debugger – Forge @ HackTheBox

We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python debugger.

By xctCTFhackthebox, linux, pdb, ssrf

08JanJanuary 8, 2022

Command Injection & Path Hijacking – Previse @ HackTheBox

We are solving Previse, an easy linux machine on HackTheBox that involves a Command Injection & Path Hijacking.

By xctCTFcommand injection, hackthebox, linux, path hijacking

16OctOctober 16, 2021

Dynamic DNS & Command Injection – Dynstr @ HackTheBox

We are solving Dynstr, a 30-point Linux machine on HackTheBox that involves a Dynamic DNS Service & a Command Injection.

By xctCTFcommand injection, dynamic dns, hackthebox, linux, wildcard

18SepSeptember 18, 2021

HTTP Request Smuggling & AWS – Sink @ HackTheBox

We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack.

By xctCTFaws, hackthebox, http request smuggling, linux, localstack

04SepSeptember 4, 2021

Command Injection, Prototype Pollution & Kubernetes – Unobtainium @ HackTheBox

This video is about Unobtainium, a 40-point Linux machine on HackTheBox. For user, we download an electron app and proxy it through burp to find some credentials, which we can then use on an API endpoint. Combining a command injection & prototype pollution will then lead to a first...

By xctCTFcommand injection, electron, hackthebox, kubernetes, linux, prototype pollution

24JulJuly 24, 2021

Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox

We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting "sudo snap install *".

By xctCTFdrupal, hackthebox, linux, snap

03JulJuly 3, 2021

SnakeYAML, Go & WebAssembly – Ophiuchi @ HackTheBox

We are going to solve Ophiuchi a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom program we can execute with sudo, which loads a web assembly file and executes a shell script without using the absolute path.

By xctCTFgo, hackthebox, linux, sudo, webassembly, yaml

19JunJune 19, 2021

Squidception, OpenSMTPD & Kerberos – Tentacle @ HackTheBox

We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑 (🦑 )), exploiting OpenSMTPD and some Kerberos.

By xctCTFhackthebox, kerberos, linux, proxychains, squid

12JunJune 12, 2021

PHP Unserialize & Race Condition – Tenet @ HackTheBox

We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race condition.

By xctCTFdeserialization, hackthebox, linux, race condition

22MayMay 22, 2021

Getting Access through the Helpdesk – Delivery @ HackTheBox

We are going to solve Delivery, a 20-point machine on HackTheBox. For user, we will bypass email verification on a local Mattermost instance by opening a helpdesk ticket and using its temporary email address to register. For root we will use su-crack to bruteforce the root password based on...

By xctCTFhackthebox, linux, mattermost

Tag - linux