HackTheBox – Previse Write-up

Hi everyone! Today’s post is on Previse, an easy HackTheBox Linux machine. This machine was released on 8 August 2021. In this machine, a URL redirect with status 302 is exploited to leak the actual web page without logging in, followed by exploiting unsanitized POST data run through PHP’s exec() on the server, extracting user password from one-liner MySQL […]

HackTheBox – Pandora Write-up

Hi everyone! Today’s write-up is on Pandora, an easy GNU/Linux machine released on 10th January 2022. I won’t say the machine is easy if you are one of those who build the SQL injection exploit from scratch. Someone actually built the PoC exploit for an old CVE recently for this HackTheBox challenge, so I leeched on it. […]

SANS Holiday Hack Challenge 2021

Hi everyone! This is a write-up on the recent SANS Holiday Hack Challenge CTF. I hope it will be helpful to you. It is my first time trying out the SANS Holiday Hack Challenge, as they host it yearly. If you haven’t tried it out, the main goal of this CTF is to learn. Hence there […]

HackTheBox – Schooled Write-up

Hi everyone! Today’s post is on Schooled, a medium-level HackTheBox FreeBSD machine. This machine was released on 4 April 2021. This challenge tests enumerating vhosts for subdomains, XSS to steal session cookies, exploiting Moodle’s CVE-2020-14321 for RCE, accessing MySQL for the user table’s bcrypt password hash, using hashcat to crack the hash, and exploiting pkg GTFOBins […]

Simple path hijacking (Unix/Unix-like)

Hi everyone! Today’s post is on path injection. Let’s get started. Identifying path injection vulnerability: There are many ways that may lead to a path injection vulnerability. However, this post will only focus on path injection vulnerabilities in bash scripts. A path injection vulnerability usually occurs if root users do not specify the full path of the […]

HackTheBox – Armageddon Write-up

Dear readers, today’s post is on Armageddon, an easy GNU/Linux machine on HackTheBox. It was created on 28th March 2021. This challenge tests finding a CVE vulnerability on a website, pivoting from the apache user in a web shell to a local user by getting information from MySQL using a MySQL one-liner, cracking the hash, and privilege escalation through […]

HackTheBox – Shocker Write-up

Hi everyone! Today’s post is on Shocker, an easy GNU/Linux machine on HackTheBox. It was created on 1st October 2017. It is a very easy machine which can probably take you less than 10 minutes to pwn. The only time-consuming part is choosing the right tool for enumeration. This machine is on exploiting shell […]

Simple reverse shell (GNU/Linux version)

Dear readers, sometimes we may want to spawn a reverse shell from the server we have just pwned, especially a Linux web server. It can be troublesome to generate a payload with msfvenom. Therefore, here are some easy bash-based reverse shells. Setting up a listening port for an incoming TCP connection: We can use netcat to listen […]