Hack The Box

Hack the Box : BountyHunter

XML external entity injection again (NodeBlog). eval exploit is fun. 01:12 Check for XXE vulnerability XEE_Payload 01:39 gob...

Hack the Box : NodeBlog

Encoding payload part was hard. URL encode, changing some special characters, base64... 00:47 NoSQL injection 01:20 XML ext...

Hack the Box : Secret

Reading coredump was fun, but reading long linpeas.sh result was pain. To get coredump, I learned about kill option. 02:57...

Hack the Box : Pandora

snmp-check returned many, so I first missed user & password and proceeded with snmpwalk. Finding a tiny info from vast outp...

Hack the Box : Shibboleth

Multiple vulnerabilities. There are so many things included, spent many hours working on things that did not lead to flags. Still...

Hack the Box : BackendTwo

You need to read Python code and find where the files are. Fun Box! Now I'm using a server with 4GB memory, as 2GB memory ...

Hack the Box : Unicode

JWK Spoofing, Directory traversal, Unicode normalization, Use /proc to gather info... Many elements. Much fun. It took me ...

Hack the Box : Undetected

Reading C code was hard. 00:45 PHP Unit vulnerability found 01:14 Modify request on Burp Suite to show phpinfo() Content-...

Hack the Box: Intelligence

10.10.10.248 : IP of Box; 10.10.14.3 : Local tun0. Enumeration process omitted from the movie. Enumerate anonymous logon (crac...

Hack The Box : Bastard

Bastard write-up. Exploit app's vulnerability & unpatched Windows vulnerability. After accessing machine with reverse shell...