Year of the Jellyfish @ TryHackMe
In this video, we are going to solve Jellyfish, a medium difficulty box from TryHackMe, which involves exploiting a PHP web app called Monitorr and using dirty_sock for root.
30Apr
Related Posts
28Mar
Sniper @ HackTheBox
Sniper is a 30-point machine on HackTheBox that involves abusing a remote file inclusion and uploading a crafted chm file... read more
05Dec
Stealing Hashes with Responder, GPO Permissions & Unintended Ways – Vault @ PG Practice
We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes.... read more
18Sep
HTTP Request Smuggling & AWS – Sink @ HackTheBox
We are solving Sink, a 50-point Linux machine on HackTheBox that involves HTTP Request Smuggling & retrieving secrets from Localstack. read more
30Mar
Curling @ HackTheBox
Curling is one of the easier boxes on hackthebox.eu, featuring getting a shell on joomla via template editing, getting a... read more
04Jul
ForwardSlash @ HackTheBox
ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse... read more
10Apr
APT @ HackTheBox
APT is a 50-point machine on HackTheBox which involves getting the IPv6 Address via MS-RPC, credential spraying, and reading the... read more
06Jul
Hackback @ HackTheBox
This post is about hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used... read more
12Jun
PHP Unserialize & Race Condition – Tenet @ HackTheBox
We are solving Tenet, a 30-point machine HackTheBox that involves a simple PHP deserialization vulnerability, password reuse and a race... read more
28Apr
Bastion @ HackTheBox
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving... read more
16Oct
Dynamic DNS & Command Injection – Dynstr @ HackTheBox
We are solving Dynstr, a 30-point Linux machine on HackTheBox that involves a Dynamic DNS Service & a Command Injection. read more