In this section we will keep our studies in Buffer Overflow. Now using a different technique called Data Execution Prevention Bypass. CloudMeSync - VirtualProtect Here we have the function of the...
In this section we will keep our studies in Buffer Overflow. Now using a different technique called Data Execution Prevention Bypass. ROP - Return Oriented Programing What is ROP? What is DEP? D...
CrossFit was an extremelly useful box to learn and train my XSS skills. It starts with a XSS on a message param. Then you do a CSRF, by creating an account on a ftp server with the admin credential...
This bos is a Hard level box from HackTheBox with Linux as OS. You need to start with a good enumeration to find the place to inject the payload. You get a LFI, you get a password from it, then you...
Quick gave me the chance to improve my code analysis skills, mainly in php code. Awesome done, very well thinked. The http3 part I’ve never seen before, had the chance to learn many new things. Th...
Feline is a Tomcat box. Which you need to understand how deserealization works to get it. The first shell was not soo hard, you just need one exploit to make it working. The privilege escalation pa...
This box was really good one. It envolves you explore a box that was already compromissed with an attack. You get the source code of it, and get some creds. Then you upload a php malicious and I de...
Falafel was one of the most interesing box I’ve done in HackTheBox. It’s Linux and seted as Hard level. A web exploration with blind sqlinjection and type juggling. Then you need to byppass many up...
Holiday was a hard box from hackthebox. Linux and web, it was not easy because of it’s path of exploration consists in many things to do. One web fuzzing with especific User-Agent, then a SQLInject...
Cereal was about do a good code analysis to find the vulnerability. For me particullary it was extremelly hard and an awesome training for OSWE, for example. After you get the source code from a gi...