Hi everyone! Today’s post is on BountyHunter, an easy GNU/Linux HackTheBox machine. This machine was released on 25 July 2021. This machine requires XML External Entities (XXE) with base64 + URL encoding of the whole XML, base64 filtering to leak file contents. Finally, a custom exploit is needed to exploit an eval() vulnerability in a […]