Writeup of the PivotAPI machine from Hack The Box
Writeup of the fullpwn challenge called BBQ from HackTheBox Business CTF 2021
Writeup of the web challenge called Emergency from HackTheBox Business CTF 2021
Writeup of the web challenge called NoteQL from HackTheBox Business CTF 2021
Writeup of the web challenge called Time from HackTheBox Business CTF 2021
Writeup of the misc challenge called discordvm from HackTheBox Business CTF 2021
New weekly challenge that contains forging of Json Web Tokens, bruteforcing of session cookies, SQLi and more.
By hijacking a DLL we can use Discord as a way of getting persistence on a compromised system. Nothing new but a fun experiment nonetheless.
Security Onion V2 (prior to v2.3.10) has an incorrect sudo configuration, which allows local users to obtain root access by editing and executing /home/USERNAME/SecurityOnion/setup/so-setup without supplying a password.
The holiday season is nearly upon us and it's time to get into the christmas spirit. And what better way to do exactly that than to combine a christmas tree with cyber security?
New weekly challenge on THM. This writeup covers CrackMapExec, Evil-WinRM, a new CVE in Spark and more.
New week, new challenge. This is my writeup of the Wonderland machine.
QuickBox CE <= v2.5.5 and QuickBox Pro <= 2.1.8 are both affected by an authenticated remote code execution (RCE) and privilege escalation vulnerability. A low-privileged user can execute arbitary commands on the server with the privileges of the user running the web server...
InfoName: RedCross IP Address: 10.10.10.113 Operating System: Linux Difficulty: 6.3/10 Base Points: 30 EnumerationAs always we start with a nmap scan to determine which ports are open and
InfoName: DC-4 Operating System: Linux Url: http://www.five86.com/dc-4.html Release: 26 Mar 2019 Difficulty: Beginner/Intermediate Description: DC-4 is another purposely built vulnerable lab with the intent of gaining experience
InfoName: Lin.Security Operating System: Linux Url: https://in.security/lin-security-practise-your-linux-privilege-escalation-foo/ Release: 11 Jul 2018 Difficulty: ??? Description: We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will
InfoName: DC-3 Operating System: Linux Url: http://www.five86.com/dc-3.html Release: 26 Mar 2019 Difficulty: Beginner Description: DC-3 is another purposely built vulnerable lab with the intent of gaining experience in
Today we are solving DC-2. This machine is created by DCAU7 who also created DC-1. Even though the machine is for beginners I figured I could try and solve it anyway.
InfoName: RootThis: 1 Operating System: Linux Url: https://www.vulnhub.com/entry/rootthis-1,272/ Release: 5 Dec 2018 Difficulty: ??? Description: N/A EnumerationAs usual, let's start with a nmap scan to see what
Today we are solving "unknowndevice64" from Vulnhub - the most recent machine as of this writing.
This is a writeup of how I solved CH4INRULZ. We go from a local file inclusion vulnerability, to bypassing an image upload, to RCE and finally a privilege escalation using DirtyCow. Let's go!
From the author of the machine: MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance with me. :-) This is my writeup of this machine.
This is a writeup of the recently released Casino Royale: 1 machine from Vulnhub
This is a writeup of the retired Hack The Box Sneaky machine.