Inledning Efter två års uppehåll p.g.a. pandemi kickade konferenserna igång igen under 2022. En gång i tiden kunde de här konferenserna te sig lite som i bilden ovan. Eftersom jag upplever att en hel del har förändrats tänkte jag summera konferensåret 2022 och dela med mig lite av mina intryck och de trender som jag tycker mig se. Innan jag beskriver mina intryck från dessa konferenser är det lämpligt att deklarera vad jag vill ha ut av en konferens.…

This writeup describes how I approached the box Secret from Hack The Box (https://www.hackthebox.eu). The box is based on Linux and it is rated easy. Tools and techniques used in this hack are Nmap, Dirb, Ffuf, Firefox, Burpsuite, Curl, Javascript, Git, JSon and JWT. My style of writeups is to describe how I was thinking when attacking them. My personal opinion is that I learn from analysing my process over and over again, and you learn more from understanding the process than just following a guide.…

Recon Hack The Box arranged Hack The Boo CTF between 22 Oct, 13:00, 2022 and 27 Oct, 13:00. It is a five day event with a one person per team limit. The event is beginner level friendly. Every day five new events are released in the categories web, crypto, pwn, forensics and reverse engineering. Since it’s a beginner friendly event it makes it fun to play even if let’s say crypto and rev is not your thing.…

Finally! The box with the print-nightmare vulnerability came on HackTheBox. Nowadays there are security patches available for this but in the beginning, it was a zero-day and also a POC available for the public. I’m going to showcase two possible ways, first a Remote Code Exection done via my local machine CVE-2021-1675 (RCE) and then a Local Privledge Escalation CVE-2021-1675 (LPE) done after getting the exploit to the box.…