HackTheBox - Gobox

SSTI in Golang, S3 bucket abuse, and an NGINX backdoor

Linux · S3 · AWS · LocalStack · Go · SSTI

HackTheBox - Ophiuchi

Deserialization attack on YAML and reversing WebAssembly

HackTheBox - Tenet

Friendly PHP insecure deserialization attack and race condition

HackTheBox - Cereal (User)

Chaining XSS, SSRF, and deserialization vulnerabilities to get RCE

VulnHub - DC-9

DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …

HackTheBox - Time

Exploiting an insecure deserialization in the Jackson library and how to mitigate it

HackTheBox - Bucket

Pentesting against simulated AWS S3 Bucket

Linux · AWS · LocalStack · S3 · DynamoDB · Webshell

HackTheBox - OpenAdmin

Exploiting an OpenNetAdmin vulnerability and sudo nano