Command Injection & Path Hijacking – Previse @ HackTheBox

Json is a 30-point system on HackTheBox that involves exploiting a .NET deserialization vulnerability and has multiple ways for privilege... read more

Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a... read more

My video about Spectra, a 20-point machine on HackTheBox that involves admin access to a WordPress site, allowing us to... read more

Player is a hard box, that we solved in unintended ways that are partly patched now. read more

Mango is a 30-point linux machine on hackthebox that involves a NoSQL-Injection which allows to obtain user passwords from a... read more

Carrier is a nice, medium difficulty machine on hackthebox.eu featuring information retrieval via snmp, command injection and bgp hijacking. The... read more

Frolic is a medium difficulty machine on hackthebox.eu, featuring a lot of CTF-ish language conversions, the usage of a public... read more

LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates... read more

Solving Luanne on HackTheBox. This is an easy 20-point machine involving a simple command injection and some password cracking. read more

AuthBy is a medium difficulty Windows machine on PG Practice. It involves getting FTP access to the web root of... read more