Command Injection & SQL Injection | HackTheBox Looking glass & Sanitize | OWASP TOP 10
We covered Command Injection & SQL Injection which are in the OWASP TOP 10 list of vulnerabilities….
HackTheBox
Broken Authentication | HTB OWASP TOP 10 – P2
We covered broken authentication, session hijacking and information disclosure as part of HTB OWASP TOP 10 track…
XML External Entity Injection | HackTheBox baby WAFfles order
We covered a simple demonstration of XML External Entity Injection vulnerability which is part of OWASP Top…
XML External Entity Injection Demonstration | HTB BountyHunter | CREST CRT Track
We covered a demo of XML External Entity Injection along with privilege escalation through exploiting Python eval…
Windows Privilege Escalation with PowerUp | HackTheBox Remote | CREST CRT Track
We covered HackTheBox Remote machine as part of CREST CRT (Registered Penetration Tester) Track. We demonstrated Umbraco…
Docker Privilege Escalation and SSTI Exploitation | HackTheBox GoodGames
We covered HackTheBox GoodGames as part of CREST CRT track. We went over SQL Injection, server side…
Windows Active Directory Exploiting Group Policy Preferences | HackTheBox Active
We covered HackTheBox Active as part of CREST CRT (registered penetration tester track). We went through Exploiting…
Python Privilege Escalation | HackTheBox Cap | CREST CRT Track
We covered Insecure Direct Object Reference vulnerability exploitation along with Python privilege escalation as part of HackTheBox…
DNS Zone Transfer and Python Privilege Escalation | HackTheBox FriendZone
We covered HackTheBox FriendZone as part of CREST CRT track. We went over DNS zone transfer, SMB…
Linux Privilege Escalation Through X11 Authorization | HackTheBox Squashed
We enumerate NFS shares, and upload a Web Shell . We also performed Linux privilege escalation by…
Microsoft IIS Web Server Vulnerabilities | HackTheBox Devel | OSCP Prep
We covered a scenario of a vulnerable Microsoft IIS web server which was leveraged to compromise a…
Printer Exploitation | Part Two | HackTheBox Wander
We covered again printer exploitation methods and this time we used a machine that has printer installed…
Buffer Overflow P20 | Integer Overflow | HackTheBox Optimistic
We covered a scenario of buffer overflow where a variable was declared as an unsigned integer and…
Buffer Overflow P19 | Intro to Binary Exploitation | HackTheBox Bat Computer
We covered a binary that has only PIE or Position Independent Executable enabled as a protection while…
Printer and Active Directory Exploitation | HackTheBox Return
We covered a machine with a printer exposed to the public via port 80. The printer contained…
Buffer Overflow | Intro to Binary Exploitation | HackTheBox Jeeves
We covered a scenario of a binary vulnerable to buffer overflow vulnerability. The binary has NX and…
Printer Exploitation via SNMP and Telnet | HackTheBox Antique
We covered a printer exploitation scenario where we started with telnet protocol then we used SNMP to…
Printer Driver Exploitation with Metasploit | HackTheBox Driver
We covered a scenario of gaining access to a windows server machine with vulnerable printer software. We…
Advanced Printer Exploitation | HackTheBox Laser
Introduction We covered a difficult scenario of printer exploitation. We first interacted with the printer HP JetDirect…
HackTheBox Cyber Apocalypse CTF 2023 Writeups
In this post, I have covered HackTheBox Cyber Apocalypse CTF 2023 Writeups in the form of written…