Exploiting Gitlab 12.8.1 – Laboratory @ HackTheBox
We are going to solve Laboratory, which is an easy linux machine on HackTheBox with a CVE on Gitlab for user and path hijacking on a setuid binary for root.
17Apr
Related Posts
22Jan
SSRF & Python Debugger – Forge @ HackTheBox
We are solving Forge, a medium difficulty Linux machine on HackTheBox which involves an SSRF & playing with the python... read more
27Nov
Password Spraying, gMSA, ADIDNS & Constrained Delegation – Intelligence @ HackTheBox
We are solving intelligence, a nice windows machine on HackTheBox, created by Micah. For user, we will enumerate pdfs on... read more
27Feb
Protected: Dream Diary 3 @ HackTheBox
There is no excerpt because this is a protected post. read more
12Jun
PHP Unserialize & Race Condition – Tenet @ HackTheBox
We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race... read more
17Aug
Heist @ HackTheBox
Heist is an "easy" machine on hackthebox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). read more
18Sep
HTTP Request Smuggling & AWS – Sink @ HackTheBox
We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack. read more
06Nov
Active Directory, Reverse Engineering & Unintended Solutions – Pivotapi @ HackTheBox
We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some Reverse Engineering, MSSQL, and Active Directory... read more
27Dec
Lab – Lustrous Walkthrough
This is a short walkthrough on Lustrous, a chain consisting of 2 machines on vulnlab. read more
19Jun
Squidception, OpenSMTPD & Kerberos – Tentacle @ HackTheBox
We are going to solve Tentacle, a 40-point machine on HackTheBox which involves a bit of Squid Proxy Magic 🦑(🦑... read more
18Apr
Mango @ HackTheBox
Mango is a 30-point linux machine on hackthebox that involves a NoSQL-Injection which allows to obtain user passwords from a... read more