HackTheBox - Forge
Bypass SSRF filters using domain redirection and abusing Python PDB
Secret starts with analyzing the web source to recover a secret token from an older commit. The secret is …
BountyHunter features a website that is vulnerable to an XXE attack. Exploiting it allows me to …
SSTI in Nunjucks and SUID capability on Perl
Antique is one of the machines listed in the HTB printer exploitation track. It features a network …
Dynstr imitates a company that offers a Dynamic DNS service. The provided API for this service is …
Cap starts by identifying an IDOR vulnerability on its hosted website. Using this IDOR, I can obtain …
As a medium difficulty box, Pit from Hack The Box has an interesting enumeration flow. It starts by …
Second-order SQL injection
SSTI in Golang, abuse S3 bucket, and NGINX backdoor
Exploiting the backdoor planted in PHP 8.1-dev
Actually, I hide it
Abusing JWT key identifier and breaking out of a Docker container
Deserialization attack on YAML and reversing web assembly
Code execution with path traversal
TIL: The staff group allows you to override binaries' executable paths.
Pwning Drupal 7 CMS with Drupalgeddon and abusing Snap with a malicious snap package
Hands on with ShellShock vulnerability
Noob Kali setup
and wait for bad things to happen
A ctf for beginners, can you root me?
Getting password from automatic login script of ChromeOS
This is a machine that allows you to practise web app hacking and privilege escalation
My small cheat sheet for forensics and incident response on Linux systems
Friendly PHP insecure deserialization attack and race condition
Exploiting exploitation tools and command injection in a log file
Alfa starts with enumeration on FTP to obtain a username and an image file which is named after a pet. …
DC-9 from VulnHub features a website that is vulnerable to SQL injection. I’m able to dump a bunch …
DC-6 starts off by enumerating usernames from a WordPress website and using a brute-force attack …
Learn some backdoor techniques and how to deal with them!
Exploiting a logic flaw called TicketTrick
Turning SSRF into remote code execution and escaping from a Docker container
Exploiting an insecure deserialization on Jackson library and how to mitigate it
Seven times seven is equal to SSTI
USBCreator LPE on Linux
Example of a phishing attack and PyPI package exploitation
Abusing Tomcat manager-script roles and escalating to root with an LXC container
Pentesting against simulated AWS S3 Bucket
LFI to RCE on GitLab 12.8.1~12.9.0
SQLi for login bypass and embedding a webshell in an image file
Exploiting OpenNetAdmin vulnerability and sudo nano