Home » Tags

Code-Review

HackTheBox - Forge

Bypass SSRF filters using domain redirection and abusing Python PDB

Oct 15, 2022  ·  9 min read
linux ssrf vhost ffuf

HackTheBox - Gobox

SSTI in Golang, abuse S3 bucket, and NGINX backdoor

Sep 12, 2021  ·  15 min read
linux s3 aws localstack

HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing web assembly

Aug 06, 2021  ·  9 min read
linux yaml deserialization web-assembly

HackTheBox - Tenet

Friendly PHP insecure deserialization attack and race condition

Jun 14, 2021  ·  11 min read
linux wordpress php deserialization

HackTheBox - Cereal (User)

Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE

Jun 09, 2021  ·  13 min read
windows recover-git dotnet csharp

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m …

Jun 02, 2021  ·  9 min read
linux port-knocking sql-injection lfi

HackTheBox - Time

Exploiting an insecure deserialization on Jackson library and how to mitigate it

May 09, 2021  ·  9 min read
linux jackson java ssrf

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Apr 24, 2021  ·  14 min read
linux aws localstack s3

HackTheBox - OpenAdmin

Exploiting OpenNetAdmin vulnerability and sudo nano

Apr 02, 2021  ·  6 min read
linux code-review webshell password-cracking