Newsletter 25/04/2023

Investigation-image

Investigation

Hack The Box. Linux. Medium machine

7 minutes to read

This machine has a website that allows to analyze image file metadata with exiftool. However, the version is vulnerable to command injection and can be used to access the system. Then, we find some Windows event logs and a plaintext password as username, probably a mistake. After that, we gain access as another user that is able to execute a binary with sudo, which behind the scenes runs a Perl script that leads to the privilege escalation

pwn-image

FileStorage

Hack The Box. Challenges. Pwn

22 minutes to read

64-bit binary. Buffer Overflow. Format String vulnerability. FILE structure attack. GOT overwrite

pwn-image

Bon-nie-appetit

Hack The Box. Challenges. Pwn

13 minutes to read

64-bit binary. Heap exploitation. Off-by-one. Overlapping chunks. Tcache poisoning

web-image

ExpressionalRebel

Hack The Box. Challenges. Web

6 minutes to read

Server-Side Request Forgery. Regular Expression Denial of Service

hardware-image

Unique

Hack The Box. Challenges. Hardware

1 minute to read

Automotive Cybersecurity. CAN bus messages

hardware-image

Gawk

Hack The Box. Challenges. Hardware

3 minutes to read

PJL execution on a printer

forensics-image

Export

Hack The Box. Challenges. Forensics

6 minutes to read

Memory dump analysis

forensics-image

MarketDump

Hack The Box. Challenges. Forensics

2 minutes to read

Network traffic analysis. Telnet

reversing-image

Ransom

Hack The Box. Challenges. Reversing

3 minutes to read

Windows. File encryption