XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in a .NET web app. For root, we exploit SeImpersonate.
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom...
In this post I will give a quick walkthrough on Giddy from hackthebox.eu. The machine involves (automated) SQL injection, stealing...
APT is a 50-point machine on HackTheBox which involves getting the IPv6 address via MS-RPC, credential spraying, and reading the...
Zetta is a 40-point machine on HackTheBox. We will get the IPv6 address of the box via FTP, use rsync to...
Json is a 30-point system on HackTheBox that involves exploiting a .NET deserialization vulnerability and has multiple ways for privilege...
Smasher2 is a difficult 50-point machine on HackTheBox, involving some guessing to get the user flag (because the author...
We are solving Anubis, a 50-point Windows machine on HackTheBox which involves an ASP template injection, Windows containers, and stealing...
Resolute is a 30-point Windows machine on HackTheBox that involves enumerating LDAP, password spraying, and using the DNSAdmins group to...
RE is a 40-point Windows machine on HackTheBox that involves uploading an ODS file with a malicious macro, abusing...