TryHackMe - Creative
Description: Creative from TryHackMe has a website vulnerable to SSRF allowing us to read files on the system, so we read a private ssh key and get a foothold. A sudo entry with LD_PRELOAD i...
Description: Creative from TryHackMe has a website vulnerable to SSRF allowing us to read files on the system, so we read a private ssh key and get a foothold. A sudo entry with LD_PRELOAD i...
Description devvortex from HackTheBox runs a Joomla CMS vulnerable to information disclosure where we get credentials of the database that also work for the administrator page, we login and ...
Surveillance from HackTheBox runs a CMS vulnerable to unauthenticated RCE giving us foothold. We find a sql database backup that has a hash of a user, we easily crack it and get ssh access to...
Description: Hospital from HackTheBox is an Active Directory Domain Controller with a Linux container running a web server with an upload form that we abuse to get a shell on the VM. The lin...
Description: Codify from HackTheBox has a website that uses the vm2 sandbox to execute javascript code. The vm2 library is vulnerable to code execution which we exploit to get a foothold on ...
Description: Analytics from HackTheBox is a pretty easy machine that revolves arround CVEs, The first one is an unauthenticated command execution on MetaBase that gives us a foothold to a do...
Manager from HackTheBox is a domain controller where we run kerbrute to get the usernames, one user is using a weak passwords allowing us to access mssql where we use xp-dirtree to find a bac...
Description: CozyHosting from HackTheBox is running a misconfigured Java framework leaking the cookie of a logged in user giving us access to the site. A command injection vulnerability is f...
Description Keeper from HackTheBox is an easy box running a web application with default credentials where we find a password in one of the user’s profile giving us a foothold. On the system...
Description: Sau from HackTheBox, we find a website vulnerable to ssrf that we exploit to access a web app that’s sitting behind a firewall, the web app is vulnerable to command injection gi...