Hack The Box: Mentor Machine Walkthrough – Medium Difficulty
In this post, I would like to share a walkthrough of the Mentor Machine from Hack the Box This room will be considered a medium machine on Hack the Box What…
Hack The Box: (Forgot) – Varnish HTTP cache to retrieve any cache
What is Varnish’s HTTP cache? To be honest, it’s my debut of hearing about the Varnish HTTP cache and my first time exploiting it. As a result, let’s try to…
Hack The Box: (Awkward) To retrieve an LFI with JWT token
What is JWT? For those who are not familiar with JSON tokens, it’s a method to securely exchange data, especially an LFI attack in which the application uses a JSON…
Hack The Box: Awkward Machine Walkthrough – Medium Difficulty
In this post, I would like to share a walkthrough of the Awkward Machine from Hack the Box This room will be considered a medium machine on Hack the Box What…
Hack The Box: Rainyday Machine Walkthrough – Hard Difficulty
In this post, I would like to share a walkthrough of the Rainyday Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What…
Hack the Box: (Photobomb machine) – Path Hijacking
What is Path Hijacking? Path Hijacking is a method where the bad guys will try to execute their malicious payload by running it from a different path than they are…
Hack The Box: Photobomb Machine Walkthrough – Easy Difficulty
In this post, I would like to share a walkthrough of the Photobomb Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What…
Hack The Box: (Response Machine) – Extract the AES key for Root
This post is an extension of the full writeup on the Response machine that can be found here which we will abuse the AES key Extract the AES file by…
Hack The Box: Response Machine Walkthrough – Insane Difficulty
In this post, I would like to share a walkthrough of the Response Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What…
Hackthebox: (Ambassador) Metasploit way
For this ambassador machine, we will try the second method to obtain the root flag. Honestly, I normally didn’t use Metasploit for any machine or activity especially while playing CTF…