I had mixed fellings with this box. Is not only just web exploration and you must have a good CTF experience to get it. Particuarly I did not enjoy it. The first shell you get with a webdav exploi...
AI is a Medium Linux Box from HackTheBox. It’s almost an Easy box. The first shell you get using a SQLInjection via wav file. The box transfor the audio in text, and you can perform a SQLInjection ...
Aragog was a Medium Linux box from HackTheBox which give me the chance to play a little more with XEE, to understand better how it works. That was the first shell, the root we get with pspy catchin...
This was a good box from HackTheBox. It’s level is setted as Medium and Linux as OS. The initial exploration is trough XEE we found on the feed.py file, and then we read the id_rsa key from roosa u...
Ophiuchi was a Medium Box from HackTheBox with Linux OS. The first shell is trough Java YAML deserialization attack that involved generating a JAR payload to inject via a serialized payload, the se...
This Box was a Windows Medium Box from HackTheBox. The exploration is trough deserealization in .NET. Which we explored with ysoserial. The root part we got different paths to get it. I did only th...
Jewel was a good box from HackTheBox. It’s Medium one. I learned a lot with the ruby on rails serialization, was a good practice. The first shell is trough deserealization on ruby in an update use...
Tenet was a Linux Medium Box from Hack The Box. The exploration is trough php serialization. We found a php backup file on the server and see that is serializing data, then we create a exploit to e...
Arkham was a Medium Level Box from HackTheBox, which I could certainly say that is harder than just Medium, it can be compared with Insane boxes. The vulnerability will need to trigger is a java de...
Mango was an awesome box from HackTheBox. It’s Linux and Medium Level. I enjoyed it a lot because I learned better how to do a Blind SQLInjection. The scripting part was really good. The first she...