RedPanda

Hack The Box. Linux. Easy machine

10 minutes to read

This machine contains a web application built with Spring Boot that is vulnerable to Server-Side Template Injection with a particular format. After that, in order to escalate privileges, we must analyze a Java program, enter some malicious metadata in a JPEG image, add an XML External Entity into a controlled XML file, break a log parser logic and finally wait for root to process the XML file and read its private SSH key

Anti Flag

Hack The Box. Challenges. Reversing

4 minutes to read

sys_ptrace. Patching

baby nginxatsu

Hack The Box. Challenges. Web

1 minute to read

nginx. Directory listing

baby WAFfles order

Hack The Box. Challenges. Web

3 minutes to read

XML External Entity injection

Space pirate: Retribution

Hack The Box. Challenges. Pwn

13 minutes to read

64-bit binary. Buffer Overflow. ret2libc. Bypass PIE and ASLR