Trick

Hack The Box. Linux. Easy machine

17 minutes to read

This machine has a DNS service that is vulnerable to a Domain Zone Transfer attack and leaks a subdomain. Here we can bypass authentication with SQLi and exploit an LFI. Both vulnerabilities can be chained to get access to the machine. Then, we find another subdomain that is again vulnerable to LFI, and we can leak a user’s SSH private key. This user is able to restart fail2ban with sudo and modify configuration files

baby BoneChewerCon

Hack The Box. Challenges. Web

1 minute to read

PHP. Laravel Debugger

Blacksmith

Hack The Box. Challenges. Pwn

8 minutes to read

64-bit binary. seccomp rules. open-read-write shellcode

Chainsmoker

Hack The Box. Challenges. Misc

7 minutes to read

Blockchain. Integer operations. Server-Side Template Injection

Find Marher's Secret

Hack The Box. Challenges. Crypto

5 minutes to read

RC4. FMS attack

No Return

Hack The Box. Challenges. Pwn

20 minutes to read

64-bit static binary. JOP. sys_rt_sigreturn and sys_execve

Sigma Technology

Hack The Box. Challenges. Misc

4 minutes to read

Adversarial Machine Learning

Userland City

Hack The Box. Challenges. Web

3 minutes to read

PHP. Laravel exploit

HackTheBoo CTF

Hack The Box. Beginner friendly CTF

118 minutes to read

25 challenges (Web, Reversing, Pwn, Forensics, Crypto)