XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
Smasher2 is a difficult 50-point machine on HackTheBox, involving some guessing to get the user flag (because the author...
We are going to solve Bucket, a medium Linux machine on HackTheBox. We get credentials from DynamoDB, upload a webshell...
My video about Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to...
We are going to solve Ophiuchi, a 30-point machine on HackTheBox that involves a YAML parser vulnerability and a custom...
Forest is a 20-point Active Directory machine on HackTheBox that involves user enumeration, AS-REP Roasting and abusing Active Directory ACLs to...
This video is about Knife, a 20-point machine on HackTheBox that involves the Zerodium PHP backdoor and using "sudo knife"...
Rainbow is a medium-difficulty machine that involves a SEH-based buffer overflow for user and a UAC bypass for root.
Fortune is a 50-point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this...
This post is about Hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used...
AI is a 30-point machine on HackTheBox that involves SQL injection via speech and abusing an exposed Java debugging...