Newsletter 13/11/2022

Shared-image

Shared

Hack The Box. Linux. Medium machine

11 minutes to read

This machine has an e-commerce store that is vulnerable to SQLi. With this vulnerability we can get a hashed password which is reused for SSH. There is another user that runs ipython periodically, so we can inject a configuration file to execute commands. The second user is able to use a binary compiled in Go that connects to Redis. A binary analysis reveals the password, so we can connect to Redis and exploit a CVE to run Lua code, escape from the sandbox and execute system commands as root

web-image

Cursed Secret Party

Hack The Box. Challenges. Web

4 minutes to read

XSS. CSP bypass

forensics-image

Downgrade

Hack The Box. Challenges. Forensics

4 minutes to read

Windows event logs. XML filters

pwn-image

Entity

Hack The Box. Challenges. Pwn

3 minutes to read

64-bit binary. Union structure. Type confusion

pwn-image

Finale

Hack The Box. Challenges. Pwn

12 minutes to read

64-bit binary. Buffer Overflow. open-read-write ROP chain

forensics-image

Halloween Invitation

Hack The Box. Challenges. Forensics

19 minutes to read

Microsoft Office VBA macros deobfuscation

forensics-image

POOF

Hack The Box. Challenges. Forensics

6 minutes to read

Network traffic analysis with Wireshark. Binary analysis

pwn-image

Spooky Time

Hack The Box. Challenges. Pwn

9 minutes to read

64-bit binary. Format String vulnerability. GOT overwrite

forensics-image

Wrong Spooky Season

Hack The Box. Challenges. Forensics

1 minute to read

Network traffic analysis with Wireshark