2022-08

Hack The Box

Hack the Box : Passage

It took a loooong time to find flags as I went through lots of files. linpeas.sh is great, but there's just so many files...

Hack the Box : Ransom

Spent about an hour on Cookie, hoping to bypass authentication somehow. Then hacktrick.xyz gave me a hint. Still took some...

Hack the Box : BountyHunter

XML external entity injection again (NodeBlog). eval exploit is fun. 01:12 Check for XXE vulnerability XEE_Payload 01:39 gob...

Hack the Box : NodeBlog

Encoding payload part was hard. URL encode, changing some special characters, base64... 00:47 NoSQL injection 01:20 XML ext...

Hack the Box : Secret

Reading coredump was fun, but reading long linpeas.sh result was pain. To get coredump, I learned about kill option. 02:57...

Hack the Box : Pandora

snmp-check returned many, so I first missed user & password and proceeded with snmpwalk. Finding a tiny info from vast outp...

Hack the Box : Shibboleth

Multiple vulnerabilities. There's so many things included, spent many hours working on things that did not lead to flags. Still...

Hack the Box : BackendTwo

You need to read Python code and find where the files are. Fun Box! Now I'm using a server with 4GB memory, as 2GB memory ...

Hack the Box : Unicode

JWK Spoofing, Directory traversal, Unicode normalization, Use /proc to gather info... Many elements. Much fun. It took me ...

Hack the Box : Undetected

Reading C code was hard. 00:45 PHP Unit vulnerability found 01:14 Modify request on Burp Suite to show phpinfo() Content-...