Protected: Hack The Box: Toxic Challenge – Easy Difficulty
There is no excerpt because this is a protected post.
Hack The Box: Inject Machine Walkthrough – Easy Difficulty
In this post, I would like to share a walkthrough of the Inject Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What…
Protected: PG: InsanityHosting Machine Walkthrough – Hard Difficulty
There is no excerpt because this is a protected post.
Hack The Box: (Bagel) Dotnet FSI vulnerability
In this post, i would like to share a method that i have learned while playing with Bagel Machine. The vulnerability attack that i mentioned here is by using dotnet…
Hack The Box: (Interface) – Dompdf Vulnerability
Dompdf Vulnerability For those who are not familiar with Dompdf, Synk has released a few vulnerabilities that are related to Dompdf over here. Based on the description here, the vulnerability…
Hack The Box: (Sekhmet) AMSI and AppLocker Bypass
What are AMSI and AppLocker bypasses? This is a Windows Machine that might have some security features that might be preventing the reverse shell from running on the machine itself.…
Hack The Box: (Sekhmet) ModSecurity Demonstration
In this post, I would like to share a weakness of ModSecurity that has been used within the Sekhmet Machine. The full writeup on the Sekhmet machine can be found…
Hack The Box: (Extension) Docker escape on root privileges
In this post, I would like to share how to escape the docker environment to obtain Root Privileges Access on the machine itself. However, I did manage to get Root…
Hack The Box: (Forgot) – Varnish HTTP cache to retrieve any cache
What is Varnish’s HTTP cache? To be honest, it’s my debut of hearing about the Varnish HTTP cache and my first time exploiting it. As a result, let’s try to…
Hack The Box: (Awkward) To retrieve an LFI with JWT token
What is JWT? For those who are not familiar with JSON tokens, it’s a method to securely exchange data, especially an LFI attack in which the application uses a JSON…