Rated Medium by HackTheBox and created by TheCyberGeek. Through this machine, we learn about the importance of sanitising inputs, having proper password management and policies, proper privilege segmentation and proper directory permissions.
Vulnerabilities/bad configurations exploited
1. XSS in Moodle LMS to steal Teacher session.
2. Moodle LMS privilege escalation from Teacher role to Manager role (CVE-2020-14321).
3. Weak password/password re-use
4. User sudo
Rated Medium by HackTheBox, created by mostwanted002. We learn about the bad practice of storing static java web tokens in cookies and about breaking out of Docker via runC, based on CVE-2019-5736.
Rated Medium by HackTheBox, created by felamos. Through this machine, we learn about a YAML deserialization vulnerability, the horror of password re-use, and the bad programming practice of using relative paths for critical files.