Atom is a medium rated machine on HackTheBox by MrR3boot which got bumped from an easy rating to medium on its release day. In this walkthrough we first will abuse the electron-builder update syste...
Hack The Box - Ophiuchi
User Ophiuchi is a medium rated machine on HackTheBox created by felamos. In this walkthrough we will abuse insecure deserialization in a yaml parser to gain an initial foothold. After that we use...
Hack The Box - Spectra
Spectra is an easy rated machine on HackTheBox created by egre55. For the user part we will exploit a test installation of worpress with directory listing enabled to log into the production wordpre...
Hack The Box - Tentacle
User Tentacle is a hard rated machine on HackTheBox created by polarbearer. In this walkthrough we will first discover a vulnerable OpenSMTP installation hidden behind multiple proxies and exploit...
Hack The Box - Tenet
Tenet is a medium rated machine on HackTheBox created by egotisticalSW. For the user part we will find a backup php script and abuse the php unserialze function to reach RCE on the webserver result...
Hack The Box - ScriptKiddie
ScriptKiddie is an easy rated machine on HackTheBox by 0xdf. For the user part we will exploit a web application that letโs us generate mfsvenom files with templates abusing CVE-2020-7384. This giv...
Delivery - Hack The Box
Delivery is a quick and fun easy box where we have to create a MatterMost account and validate it by using automatic email accounts created by the OsTicket application. The admins on this platform ...
Ready - Hack The Box
Ready was a pretty straighforward box to get an initial shell on: We identify thatโs it running a vulnerable instance of Gitlab and we use an exploit against version 11.4.7 to land a shell. Once in...
Enable Google Page Views
The content of this post applies only to Universal Analytics property (UA), not Google Analytics 4 (GA 4). In addition, since UA is about to be deprecated on Jul 1, 2023, the Page Views feature ...
Unbalanced - Hack The Box
To solve Unbalanced, weโll find configuration backups files in EncFS and after cracking the password and figuring out how EncFS works, we get the Squid proxy cache manager password that let us disc...
