What is Path Hijacking? Path Hijacking is a method where the bad guys will try to execute their malicious payload by running it from a different path than they are in at that moment. Let’s look at it this way

Continue ReadingHack the Box: (Photobomb machine) – Path Hijacking

In this post, I would like to share a walkthrough of the Photobomb Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the PhotoBomb machine? For the user

Continue ReadingHack The Box: Photobomb Machine Walkthrough – Easy Difficulty

This post is an extension of the full writeup on the Response machine that can be found here which we will abuse the AES key Extract the AES file by using the bulk_extractor tool on the Response machine Firstly, we

Continue ReadingHack The Box: (Response Machine) – Extract the AES key for Root

In this post, I would like to share a walkthrough of the Response Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Response machine? For the user

Continue ReadingHack The Box: Response Machine Walkthrough – Insane Difficulty

For this ambassador machine, we will try the second method to obtain the root flag. Honestly, I normally didn’t use Metasploit for any machine or activity especially while playing CTF or hackthebox machine. The vulnerabilities will exploit by using the

Continue ReadingHackthebox: (Ambassador) Metasploit way

In this post, I would like to share a walkthrough of the Ambassador Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Ambassador machine? For the user flag,

Continue ReadingHack The Box: Ambassador Machine Walkthrough – Medium Difficulty

What is Misconfiguration? Security misconfiguration is a vulnerability that normally happens when the application especially a web page because the developer didn’t configure the website properly and exposes it to insecure configuration options. It’s a configuration weakness that normally existed

Continue ReadingLearning Series: Misconfiguration Mistakes on the application

What is Phar Deserizalition to Remote Code Execution? Phar file also known as PHP Archive will normally contain metadata that is written in a serialized format. As a result, the bad guys can abuse the vulnerability related to deserialized that

Continue ReadingHack The Box: (UpDown) Upload Phar File for RCE

In this post, I would like to share a walkthrough of the Forgot Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Forgot machine? For the user

Continue ReadingHack The Box: Forgot Machine Walkthrough – Medium Difficulty

What is Command Injection Attack? It’s an attack in which the bad guys’ objective on this activity will be trying to obtain the execution of arbitrary commands on a vulnerable application. Normally, the vulnerability exposes when the application has sent

Continue ReadingLearning Series: Command Injection Attack