XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :)... read more
Frolic is a medium difficulty machine on hackthebox.eu, featuring a lot of CTF-ish language conversions, the usage of a public... read more
Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo... read more
Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I enjoyed... read more
We are going to solve Delivery, a 20-point machine on HackTheBox. For user, we will bypass email verification on a... read more
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a... read more
We are solving UT99, an intermediate windows box on PG Practice. On this box, we are going to exploit an... read more
Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document... read more
Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and... read more
We are solving Pivotapi, a 50-point Windows machine on HackTheBox. This one involves some Reverse Engineering, MSSQL, and Active Directory... read more