EWEBSITE()
.home()
.posts()
.github()
hacking
hackthebox
javascript
machines
nginx
privesc
sqli
web
websockets
cache
challenges
varnish
bruteforce
bypass
haproxy
rate_limiting
inheritance
nodejs
prototype_pollution
ssrf
xss
apache
http_smuggling
CVE-2022-44268
imagemagick
dns
dns_rebinding
android
mobile
sslpininng_bypass
2022
ccsc
crypto
ctfs
forensics
misc
pwn
reverse
2024
js2py
jwt
path_traversal
serviceworkers
wizerctf
n00bz
programming
write_primitive
zip_slipping
2023
class_pollution
flask
python
magic
weird
angr
assembly
rc4
wireshark
HackTheBox - Machines Soccer
Date: 15/08/2023
login using default credentials: admin: admin@123 from https://github.com/prasathmani/tinyfilemanager upload simple php reverse shell and get shell as www-data...
hacking
hackthebox
javascript
machines
nginx
privesc
sqli
web
websockets
Reading Time: 1 minutes
protected
HackTheBox - Challenges EasterBunny
Date: 07/08/2023
This post is password protected, description is not available
cache
challenges
hacking
hackthebox
varnish
web
Reading Time: 2 minutes
protected
HackTheBox - Challenges No-Threshold
Date: 09/12/2023
This post is password protected, description is not available
bruteforce
bypass
challenges
hacking
hackthebox
haproxy
rate_limiting
sqli
web
Reading Time: 1 minutes
HackTheBox - Challenges Breaking Grad
Date: 01/11/2023
A file that particularly stands out is...
challenges
hacking
hackthebox
inheritance
javascript
nodejs
prototype_pollution
web
Reading Time: 2 minutes
HackTheBox - Challenges WS-Todo
Date: 30/11/2023
The functionality is very simple, you can either get or add todos...
challenges
hacking
hackthebox
javascript
ssrf
web
websockets
xss
Reading Time: 3 minutes
protected
HackTheBox - Challenges ApacheBlaze
Date: 01/11/2023
This post is password protected, description is not available
apache
challenges
hacking
hackthebox
http_smuggling
web
Reading Time: 2 minutes
protected
HackTheBox - Challenges Prying Eyes
Date: 10/12/2023
This post is password protected, description is not available
CVE-2022-44268
challenges
hacking
hackthebox
imagemagick
web
Reading Time: 2 minutes
HackTheBox - Challenges Saturn
Date: 03/11/2023
I very simple flask app is all this challenge is. We can immidieitly spot a kind of SSRF as a service vulnerability. And the flag is retrieved by /secret if the request is coming from localhost. Ok then what prevents us from using the ssrf to request /secret, get the flag and get done with it?...
bypass
challenges
dns
dns_rebinding
hacking
hackthebox
ssrf
web
Reading Time: 4 minutes