Archives

Writeup of the PivotAPI machine from Hack The Box

Writeup of the fullpwn challenge called BBQ from HackTheBox Business CTF 2021

Writeup of the web challenge called Emergency from HackTheBox Business CTF 2021

Writeup of the web challenge called Emergency from HackTheBox Business CTF 2021

Writeup of the web challenge called NoteQL from HackTheBox Business CTF 2021

Writeup of the web challenge called Time from HackTheBox Business CTF 2021

Writeup of the misc challenge called discordvm from HackTheBox Business CTF 2021

New weekly challenge that contains forging of Json Web Tokens, bruteforcing of session cookies, SQLi and more.

By hijacking a DLL we can use Discord as a way of getting persistence on a compromised system. Nothing new but a fun experiment nonetheless.

By embedding specially crafted JS into a PDF, we can trigger a recently discovered vulnerability in the NTFS driver and potentially corrupt the MFT.

Security Onion V2 prior to v2.3.10 ships with a sudo misconfiguration that lets local users get root by editing so-setup, no password needed.

The holiday season is nearly upon us and it's time to get into the christmas spirit. And what better way to do exactly that than to combine a christmas tree with cyber security?

New weekly challenge on THM. This writeup covers CrackMapExec, Evil-WinRM, a new CVE in Spark and more.

So, this isn't a new, groundbreaking tool. Tools used to combine wordlists have existed since... forever. The problem is that I often find myself in the situation where I need a simple tool to create a combined wordlist, using either a prepend or append method.

New week, new challenge. This is my writeup of the Wonderland machine.

QuickBox CE <= v2.5.5 and QuickBox Pro <= 2.1.8 are both affected by an authenticated remote code execution (RCE) and privilege escalation vulnerability. A low-privileged user can execute arbitary commands on the server with the privileges of the user running the web server...

This is a writeup of the retired Hack The Box RedCross machine.

Writeup of DC-4 from Vulnhub. Another beginner-to-intermediate box from the DC series.

Working through the Lin.Security box to practice Linux privilege escalation across a bunch of misconfigured SUDO entries.

Writeup of DC-3 from Vulnhub. One port, one flag, Joomla.

Today we are solving DC-2. This machine is created by DCAU7 who also created DC-1. Even though the machine is for beginners I figured I could try and solve it anyway.

Writeup of the RootThis: 1 machine from Vulnhub.

Today we are solving "unknowndevice64" from Vulnhub - the most recent machine as of this writing.

Writeup of CH4INRULZ. LFI to image upload bypass to RCE, then DirtyCow for privilege escalation.

Writeup of MERCY v2 from digitalworld.local, a machine built for practicing OSCP-style enumeration and exploitation.

This is a writeup of the recently released Casino Royale: 1 machine from Vulnhub

This is a writeup of the retired Hack The Box Sneaky machine.

This is a writeup of the retired Hack The Box Devel machine.

This is a writeup of the retired Hack The Box Jerry machine.

This is a writeup of the retired Hack The Box Waldo machine.

This is a writeup of the retired Hack The Box Devoops machine.