A blog about cybersecurity by Cybix AB
Writeup for the medium ranked HTB box Devzat
This was a really fun and challenging box. The vulnerabilities for this box are described in CVE-2019-20933, along with an OS command injection vulnerability, described in more detail here.
The tools used for this box were nmap, dirb, searchsploit, python3, ssh-port-forward, burpsuite and ffuf. The environment I used was a Kali VM (in Parallels Desktop 17) on my macOS machine.
Let’s GO!
Scanning
Port scanning with nmap
┌──(erra㉿kali)-[~/htb/devzat]
└─$ sudo nmap -T4 -sV -A devzat.…
Writeup for the easy ranked THM room Dear QA
This writeup describes how I approached the room Dear QA from TryHackMe. This room is based on Linux and it is rated easy. I have been thinking about starting a series of articles about binary exploitation, perhaps starting at the very easiest basics and building from that. This room seems like a very good first post on this subject. It’s the easiest kind of binary exploitation you could do.…
Writeup for the medium ranked HTB box Bolt
This box was a real enumeration challenge; most of my time on it was spent examining webserver content, the MySQL database and interesting files on the box OS. The vulnerabilities on this box are Server Side Template Injection and a weak password on an encrypted PGP message.
The tools used for this box were nmap, dirb, searchsploit, nikto, python3, burpsuite, ffuf, hashcat, gpg2john and john. The environment I used was a Kali VM (in Parallels Desktop 17) on my macOS machine.…
Writeup for the easy ranked HTB box Horizontall
This writeup describes how I approached the box Horizontall from Hack The Box (https://www.hackthebox.eu). The box is based on Linux and it is rated easy. This box includes vulnerabilities that are known and documented (CVE-2019-18818, CVE-2019-19609, CVE-2021-3129). Tools and techniques used in this hack are Nmap, Dirb, Ffuf, Firefox, Burpsuite, Curl, Python, JSON and JWT.
My style of writeups is to describe how I was thinking when attacking them.…