HackTheBox - Machines Soccer image

HackTheBox - Machines Soccer

Date: 15/08/2023

login using default credentials: admin: admin@123 from https://github.com/prasathmani/tinyfilemanager upload simple php reverse shell and get shell as www-data...

Reading Time: 1 minutes

protected

HackTheBox - Challenges EasterBunny image

HackTheBox - Challenges EasterBunny

Date: 07/08/2023

This post is password protected, description is not available

Reading Time: 2 minutes

protected

HackTheBox - Challenges No-Threshold image

HackTheBox - Challenges No-Threshold

Date: 09/12/2023

This post is password protected, description is not available

Reading Time: 1 minutes

HackTheBox - Challenges Breaking Grad image

HackTheBox - Challenges Breaking Grad

Date: 01/11/2023

A file that particularly stands out is...

Reading Time: 2 minutes

HackTheBox - Challenges WS-Todo image

HackTheBox - Challenges WS-Todo

Date: 30/11/2023

The functionality is very simple, you can either get or add todos...

Reading Time: 3 minutes

protected

HackTheBox - Challenges ApacheBlaze image

HackTheBox - Challenges ApacheBlaze

Date: 01/11/2023

This post is password protected, description is not available

Reading Time: 2 minutes

protected

HackTheBox - Challenges Prying Eyes image

HackTheBox - Challenges Prying Eyes

Date: 10/12/2023

This post is password protected, description is not available

Reading Time: 2 minutes

HackTheBox - Challenges Saturn image

HackTheBox - Challenges Saturn

Date: 03/11/2023

I very simple flask app is all this challenge is. We can immidieitly spot a kind of SSRF as a service vulnerability. And the flag is retrieved by /secret if the request is coming from localhost. Ok then what prevents us from using the ssrf to request /secret, get the flag and get done with it?...

Reading Time: 4 minutes