Ankit Kanojiya

Squashed - Hack The Box

Squashed is an Easy Difficulty Linux machine that features a combination of both identifying and leveraging misconfigurations in NFS shares through impersonating users. Additionally, the box incorp...

R2D2 Backdoor - Memory Forensics

Hey all and welcome once more to my blog. This past weekend I had the privilege to create a forensics challenge for the CyberCon Finals CTF which was held at USIU University. Top 4 Professional tea...

Hack The Box - Scanned

Scanned is an insane rated machine on HackTheBox created by clubby789. For the user part we will escape a chroot jail to read the database file of a web server giving us SSH access because of reuse...

Hack The Box - Paper

Paper is an easy rated machine on HackTheBox created by secnigma. For the user part we will abuse an information leak through a CVE in WordPress to register an account in a Rocket.Chat install...

Hack The Box - Meta

Meta is a medium rated machine on HackTheBox created by Nauten. For the user part we will abuse a CVE in exiftool to obtain a reverse shell on the machine. This will be followed up by another CVE i...

Hack The Box - Timing

Timing is a medium rated machine on HackTheBox created by irogir. For the user part we will first abuse a timing attack on the login functionality of a web application. Once logged in we are able...

Hack The Box - AdmirerToo

AdmirerToo is a hard rated machine on HackTheBox created by polarbearer. For the user part we will abuse an SSRF on an Adminer installation. This results in access to a vulnerable OpenTSDB install...

Hack The Box - Pandora

Pandora is an easy rated machine on HackTheBox created by TheCyberGeek & dmw0ng. For the user part we will find leaked credentials in SNMP with which we will abuse a CVE in the monitoring app...

Hack The Box - Fingerprint

Fingerprint is an insane rated machine on HackTheBox created by irogir. For the user part we will chain multiple vulnerabilities to gain RCE through custom java deserialization. Once on the machine...

Hack The Box - Unicode

Unicode is a medium rated machine on HackTheBox created by wh0am1root. For the user part we will forge a JWT to get access to the admin panel. From the admin panel we will find an LFI vulnerability ...