writeup - R:Null's hacky things

HTB - Litter

a year ago 4 min read sherlocks blue team soc dns tunneling easy writeup

Scenario Khalid has just logged onto a host that he and his team use as a testing host for many different purposes, it’s off their corporate network but has access to lots

HTB - Writer Write-up

3 years ago 12 min read hackthebox medium writeup apt-get update disclaimer sql injection python mysql hash cracking filter smtp programming cronjob gtfobins

Rated Medium by HackTheBox and created by TheCyberGeek. Through this machine, we learn about the importance of sanitising inputs, having proper password management and policies, proper privilege segmentation and proper directory permissions.

HTB - BountyHunter Write-up

3 years ago 6 min read hackthebox xxe python eval writeup easy

Rated Easy by HackTheBox and created by ejedev, we discover XML External Entity (XXE) and Python eval() function vulnerabilities.

HTB - Cap Write-up

3 years ago 3 min read hackthebox easy writeup capabilities python

Rated Easy from HackTheBox, created by InfoSecJack. We learn about keeping sensitive information on webservers and dangers of Python's SETUID Capabilities.

HTB - Schooled Write-up

3 years ago 10 min read hackthebox medium writeup cve moodle xss session pkg gtfobins

Vulnerabilities/bad configurations exploited 1. XSS in Moodle LMS to steal Teacher session. 2. Moodle LMS privilege escalation from Teacher role to Manager role (CVE-2020-14321). 3. Weak password/password re-use 4. User sudo