Blind RCE and DNS Exfilteration
Description: I was doing a security testing against a web server running WebLogic. A potential RCE due to CVE-2019-2725 was reported and I was verifying it. I was following the PoC given here.
Posts by Year
2020
Hack The Box - Tabby Writeup
Hack The Box - Tabby
Hack The Box - Doctor Writeup
Hack The Box - Doctor
Hack The Box - Forest Writeup
Description: Forest is a easy level box that can be really helpful to practice some AD related attacks. Although rated as easy, it was a medium box for me considering that all attack vectors where pretty new to me.
Hack The Box - Buff Writeup
Hack The Box - Buff
Hack The Box - Remote Writeup
Hack The Box - Remote
Hack The Box - Poison Writeup
Description: This a medium rated freebsd machine. Easy user shell and an interesting privilege escalation vector.
Hack The Box - Irked Writeup
Description: Easy rated linux machine. Good box to learn some stego and also good for practicing privilege escalation for OSCP.
Hack The Box - Bastard Writeup
Description: Medium rated windows box running Drupal 7. This box provides a very good learning experience for OSCP.
Hack The Box - Granny Writeup (without MSF)
Description: This is an easy rated box but was kind of a medium easy box for me. Doing this box without metasploit as part of my OSCP preparation.
Hack The Box - Shocker Writeup
Description: This is an easy linux box that is vulnerable to shellshock. Doing this as part of my OSCP preparation.
Hack The Box - Sneaky Mailer Writeup
Hack The Box - Sneaky Mailer
Hack The Box - Legacy Writeup
Description I am doing this as part of my OSCP preparation. This is quite an easy box and only requires a single exploit to get root.
Hack The Box - Lame Writeup
Hack The Box - Lame
Vulnhub - PwnLab Writeup
Vulnhub - PwnLab: init. Welcome to “PwnLab: init”, my first Boot2Root virtual machine. Meant to be easy, I hope you enjoy it and maybe learn something. The purpose of this CTF is to get root and read the flag.
Vulnhub - Mr Robot Writeup
Description Vulnhub - Mr Robot. Based on the show, Mr. Robot.
Vulnhub - SkyTower Writeup
Description Vulnhub - SkyTower. Welcome to SkyTower:1 This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach a...
Vulnhub - Vulnix Writeup
Description Vulnhub - Vulnix. Here we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!)
Vulnhub - Brainpan Writeup
Description Vulnhub - Brainpan. By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in conn...
Vulnhub - SickOs 1.2 Writeup
Description Vulnhub - VulnOS 2., This is second in following series from SickOs and is independent of the prior releases, scope of challenge is to gain highest privileges on the system.
Vulnhub - VulnOS 2 Writeup
Description Vulnhub - VulnOS 2. VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills. This is version 2 - Smaller, less chaotic ! As time is not always on my side, It took a long time to create another VulnOS. But I like creating them....
Vulnhub - Stapler Writeup
Description: Vulnhub - Stapler. Average beginner/intermediate VM, only a few twists. May find it easy/hard (depends on YOUR background) also which way you attack the box. It SHOULD work on both VMware and Virtualbox REBOOT the VM if you CHANGE network modes Fusion users, you’ll need to retry when...
Vulnhub - FristiLeaks #1.3 Writeup
Description: Vulnhub - FristiLeaks #1.3 A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..
Vulnhub - Kioptrix #5 Writeup
Description Vulnhub - Kioptrix #5 As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.
Vulnhub - Kioptrix #4 Writeup
Vulnhub - Kioptrix #4
Vulnhub - Kioptrix #3 Writeup
Vulnhub - Kioptrix #3
Vulnhub - Kioptrix #2 Writeup
Vulnhub - Kioptrix #2
Hack The Box - Bitlab Writeup
Hack The Box - Bitlab
2019
Vulnhub - Kioptrix #1 Writeup
Vulnhub - Kioptrix #1
Hack The Box - Traverxec Writeup
Hack The Box - Traverxec
Hack The Box - Postman Writeup
Hack The Box - Postman
Hack The Box - Writeup Writeup
Hack The Box - Writeup
Hack The Box - Swagshop Writeup
Hack The Box - Swagshop
Exploit-Education Nebula Level 19
Exploit Education Level 19
Exploit-Education Nebula Level 18
Exploit Education Level 18
Exploit-Education Nebula Level 17
Exploit Education Level 17
Exploit-Education Nebula Level 16
Exploit Education Level 16
Exploit-Education Nebula Level 15
Exploit Education Level 15
Exploit-Education Nebula Level 14
Exploit Education Level 14
Exploit-Education Nebula Level 13
Exploit Education Level 13
Exploit-Education Nebula Level 12
Exploit Education Level 12
Exploit-Education Nebula Level 11
Exploit Education Level 11
Pwnable.tw Level 3 - Calc
Pwnable.tw Level 3 - Calc
Pwnable.tw Level 2 - Orw
Pwnable.tw Level 2 - Orw
Pwnable.tw Level 1 - Start
Pwnable.tw Level 1 - Start
Exploit-Education Nebula Level 10
Exploit Education Level 10
Exploit-Education Nebula Level 09
Exploit Education Level 9
Exploit-Education Nebula Level 08
Exploit Education Level 8
Exploit-Education Nebula Level 07
Exploit Education Level 7
Exploit-Education Nebula Level 06
Exploit Education Level 6
Exploit-Education Nebula Level 05
Exploit Education Level 5
Exploit-Education Nebula Level 04
Exploit Education Level 4
Exploit-Education Nebula Level 03
Exploit Education Level 3
Exploit-Education Nebula Level 02
Exploit Education Level 2
Exploit-Education Nebula Level 01
Exploit Education Level 1
Exploit-Education Nebula Level 00
Exploit Education Level 0
2018
Initigriti XSS Challenge 0821
Description: The challenge is to find an XSS vulnerability on https://challenge-0821.intigriti.io. This was a guest challenge created by https://twitter.com/WHOISbinit!