Walkthrough of the HackTheBox machine Previse featuring the exploitation of an improper 302 redirect in a PHP web app, source code review to find a command injection vulnerability, MySQL database looting, hash cracking with hashcat, and privilege escalation via a sudo misconfiguration.
Walkthrough of this fun and challenging HackTheBox machine involving enumeration & exploitation of an Active Directory environment.
Walkthrough of the HackTheBox machine Arctic. Featuring a ColdFusion 8 directory traversal vulnerability and exploitation of MS10-059 to privesc.
Walkthrough of the HackTheBox machine Solidstate. Exploiting default credentials and a vulnerability in Apache James 2.3.2. Finding and exploiting weak permissions on a script running as root to privesc.
HTB – Cronos
Walkthrough of the HackTheBox machine Cronos. Featuring virtual hosts, DNS zone transfers, command injection, and cron job exploitation.
Kioptrix Level 1.1 (#2)
Walkthrough of the VulnHub machine Kioptrix Level 1.1
Kioptrix Level #1
Walkthrough of the VulnHub machine Kioptrix Level 1