Secret starts with analyzing web source to recover a secret token from older commit. The secret is …
Sep 28, 2022
·
12 min readDriver is also one of the machines listed in the HTB printer exploitation track. It starts with a …
Sep 25, 2022
·
6 min readBountyHunter features a website that is vulnerable to XXE attack. Exploiting it allows me to …
Nov 22, 2021
·
7 min readSSTI in Nunjucks and SUID capability on Perl
Nov 07, 2021
·
10 min readExploiting ES File Explorer and abusing ADB
Oct 30, 2021
·
9 min readReturn is another machine listed in the HTB printer exploitation track. This machine hosts a web …
Oct 24, 2021
·
9 min readAntique is one of the machines listed in the HTB printer exploitation track. It features a network …
Oct 20, 2021
·
10 min readCap starts by identifying an IDOR vulnerability on its hosted website. Using this IDOR, I can obtain …
Oct 14, 2021
·
6 min readSecond-order SQL injection
Sep 24, 2021
·
6 min readExploiting the backdoor planted in PHP 8.1-dev
Aug 28, 2021
·
4 min readLove from Hack The Box hosts a voting system application and an online file scanner. The file …
Aug 09, 2021
·
10 min readAbusing JWT key identifier and breaking out of a Docker container
Aug 07, 2021
·
10 min readCode execution with path traversal
Aug 06, 2021
·
9 min readTIL: The staff group allows you to override binaries' executable paths.
Aug 06, 2021
·
5 min readLearn how RID cycling could be used for enumerating AD users
Jul 28, 2021
·
9 min readPwning Drupal 7 CMS with Drupalgeddon and abusing Snap with malicious snap package
Jul 26, 2021
·
10 min readFinding passwords in Group Policy Preferences and roasting Kerberos
Jul 15, 2021
·
9 min readHands on with ShellShock vulnerability
Jul 13, 2021
·
4 min readSupplying a malicious update definition to Electron-updater
Jul 10, 2021
·
10 min readGetting password from automatic login script of ChromeOS
Jun 26, 2021
·
10 min readExploiting exploitation tools and command injection in a log file
Jun 14, 2021
·
8 min readExploiting a logic flaw called TicketTrick
May 25, 2021
·
9 min readSeven times seven is equal to SSTI
May 08, 2021
·
8 min readUnauthenticated RCE as SYSTEM on Windows 10 IoT
May 06, 2021
·
6 min readTunneling with Chisel to deliver a buffer overflow exploit
May 01, 2021
·
8 min readLFI to RCE on GitLab 12.8.1~12.9.0
Apr 17, 2021
·
11 min readNest is one of my favorite machines after Forest, I learned a lot about enumeration here, especially …
Apr 16, 2021
·
10 min readLearn basic exploitation of Active Directory
Apr 07, 2021
·
5 min readExploiting embedded system software
Apr 06, 2021
·
6 min readEnumerating public NFS and gain access to sensitive files
Apr 05, 2021
·
6 min readUsing BloodHound to discover abusable Active Directory groups
Apr 03, 2021
·
7 min readExploiting OpenNetAdmin vulnerability and sudo nano
Apr 02, 2021
·
6 min read