Threatninja.net

Security Awareness for all users

    Category Archives: Uncategorized

    10 Jun, 2023
    Hack The Box: (Bagel) Dotnet FSI vulnerability
    Uncategorized

    In this post, I would like to share a method that I have learned while playing with the Bagel Machine. The vulnerability attack that I mention here is by using dotnet FSI. The full writeup on the Bagel Machine can be

    15 May, 2023
    Hack The Box: (Interface) – Dompdf Vulnerability
    Uncategorized

    Dompdf Vulnerability: For those who are not familiar with Dompdf, Snyk has released a few vulnerabilities that are related to Dompdf over here. Based on the description here, the vulnerability that we can use has been assigned to CVE-2022-28368. The

    4 Apr, 2023
    Hack The Box: (Sekhmet) AMSI and AppLocker Bypass
    Uncategorized

    What are AMSI and AppLocker bypasses? This is a Windows Machine that might have some security features that might be preventing the reverse shell from running on the machine itself. We can assume that AppLocker is in use inside the

    3 Apr, 2023
    Hack The Box: (Sekhmet) ModSecurity Demonstration
    Uncategorized

    In this post, I would like to share a weakness of ModSecurity that has been used within the Sekhmet Machine. The full writeup on the Sekhmet machine can be found here. What is ModSecurity? For those who are not familiar

    21 Mar, 2023
    Hack The Box: (Extension) Docker escape on root privileges
    Uncategorized

    In this post, I would like to share how to escape the Docker environment to obtain Root Privileges Access on the machine itself. However, I did manage to get Root Privileges Access by taking a different route which you can

    5 Mar, 2023
    Hack The Box: (Forgot) – Varnish HTTP cache to retrieve any cache
    Uncategorized

    What is Varnish’s HTTP cache? To be honest, it’s my debut of hearing about the Varnish HTTP cache and my first time exploiting it. As a result, let’s try to learn it together where my thought might be different from

    27 Feb, 2023
    Hack The Box: (Awkward) To retrieve an LFI with JWT token
    Uncategorized

    What is JWT? For those who are not familiar with JSON tokens, it’s a method to securely exchange data, especially an LFI attack in which the application uses a JSON object. The purpose of the method is to be used

    17 Feb, 2023
    Hack the Box: (Photobomb machine) – Path Hijacking
    Uncategorized

    What is Path Hijacking? Path Hijacking is a method where the bad guys will try to execute their malicious payload by running it from a different path than they are in at that moment. Let’s look at it this way

    28 Jan, 2023
    Learning Series: Misconfiguration Mistakes on the application
    Uncategorized

    What is Misconfiguration? Security misconfiguration is a vulnerability that normally arises in an application, especially a web page, because the developer didn’t configure the website properly and exposed it to insecure configuration options. It’s a configuration weakness that normally existed

    15 Jan, 2023
    Hack The Box: (Shoppy Machine) NoSQLi attack
    Uncategorized

    What is NoSQL Injection? Before we proceed with the NoSQL Injection details, we need to understand NoSQL databases, which have lower consistency restrictions compared to SQL databases. Most of the time, the attack might execute from
