From Apache Tomcat To Shell | HackTheBox Jerry
In this post, we covered HackTheBox Jerry as part of the beginner track in Hackthebox. We demonstrated the move…
HackTheBox
The Eternal Blue Exploit | HackTheBox Blue | Beginner Track
In this post, we covered the eternal blue exploit as part of HackTheBox Beginner Track. Machine Name : HackTheBox…
Analyzing a Hacked WebServer With Wireshark | HackTheBox Intro To Blue Team | Chase
Introduction One of our web servers triggered an AV alert, but none of the sysadmins say they were logged…
Reverse Shell Over ICMP | HackTheBox Minion
In this post, we go over the concept of retrieving shell via ICMP protocol instead of TCP. It can…
Exploiting Server Side Request Forgery (SSRF) | HackTheBox Kotarak
In this post, we demonstrated how to exploit SSRF to discover internal hidden services. We performed privilege escalation using…
The ShellShock Vulnerability Explained | HackTheBox Shocker
Shellshock vulnerability allows for remote code execution using shell callouts to bash below 4.3. payload can be sent simply…
Windows Active Directory PAC Vulnerability | HackTheBox Mantis
In Windows active directory environment, PAC stands for privilege attribute certificate which stores information about the user privileges, permissions…
JSON Deserialization Vulnerability – HackTheBox Time – CVE-2019-12384 Jackson RCE
Premise In this video walkthrough, we covered a vulnerability in Jackson library that uses JSON Deserialization and used ‘Time‘…
Understanding Lua Programming Vulnerabilities | HackTheBox Luanne
Premise In this video walkthrough, we demonstrated common vulnerabilities in Lua programming including code injection, and performed a practical…