What is JWT? For those who are not familiar with JSON tokens, it’s a method to securely exchange data, especially an LFI attack in which the application uses a JSON object. The purpose of the method is to be used

Continue ReadingHack The Box: (Awkward) To retrieve an LFI with JWT token

In this post, I would like to share a walkthrough of the Awkward Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Awkward machine? For the user

Continue ReadingHack The Box: Awkward Machine Walkthrough – Medium Difficulty

In this post, I would like to share a walkthrough of the Rainyday Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the RainyDay machine? For the user

Continue ReadingHack The Box: Rainyday Machine Walkthrough – Hard Difficulty

What is Path Hijacking? Path Hijacking is a method where the bad guys will try to execute their malicious payload by running it from a different path than they are in at that moment. Let’s look at it this way

Continue ReadingHack the Box: (Photobomb machine) – Path Hijacking

In this post, I would like to share a walkthrough of the Photobomb Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the PhotoBomb machine? For the user

Continue ReadingHack The Box: Photobomb Machine Walkthrough – Easy Difficulty

This post is an extension of the full writeup on the Response machine that can be found here which we will abuse the AES key Extract the AES file by using the bulk_extractor tool on the Response machine Firstly, we

Continue ReadingHack The Box: (Response Machine) – Extract the AES key for Root

In this post, I would like to share a walkthrough of the Response Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Response machine? For the user

Continue ReadingHack The Box: Response Machine Walkthrough – Insane Difficulty

For this ambassador machine, we will try the second method to obtain the root flag. Honestly, I normally didn’t use Metasploit for any machine or activity especially while playing CTF or hackthebox machine. The vulnerabilities will exploit by using the

Continue ReadingHackthebox: (Ambassador) Metasploit way

In this post, I would like to share a walkthrough of the Ambassador Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Ambassador machine? For the user flag,

Continue ReadingHack The Box: Ambassador Machine Walkthrough – Medium Difficulty

What is Misconfiguration? Security misconfiguration is a vulnerability that normally happens when the application especially a web page because the developer didn’t configure the website properly and exposes it to insecure configuration options. It’s a configuration weakness that normally existed

Continue ReadingLearning Series: Misconfiguration Mistakes on the application