ColdFusionX
HackTheBox — Laboratory Writeup

Laboratory starts off with discovering a vulnerable GitLab instance running on the box. We’ll refer to a HackerOne report to exploit a CVE associated with it to get an arbitrary file read vulnerabil...

NahamCon2021 CTF - Ret2basic

ret2basic was a basic ret2win-style binary exploitation challenge where we locate a method within the binary that we want to call and do so by overwriting a saved return address on the stack. ...

HackTheBox — Passage Writeup

Passage starts off with web enumeration, where we discover the website running on a vulnerable instance of CuteNews CMS and exploit it by bypassing the avatar image upload functionality to drop ...

HackTheBox — Academy Writeup

Academy is a vulnerable replica of a recently released cyber security training product by HackTheBox. Initial foothold requires us to exploit a vulnerable registration page through which we can ...

HackTheBox — Doctor Writeup

Doctor starts off with attacking a health service message board website where we discover two vulnerabilities, server-side template injection and command injection, both of which lead to initial...

HackTheBox — Omni Writeup

Omni is a unique machine running Windows IoT Core, a variant of Windows designed for embedded systems like the Raspberry Pi. Using SirepRAT we are able to achieve remote code execution, thereby she...

HackTheBox — OpenKeyS Writeup

OpenKeyS gives us good insight and exposure to OpenBSD vulnerabilities. Initial web enumeration leads us to a directory where we find a vim swap file; restoring the file contents, we understand c...

HackTheBox — SneakyMailer Writeup

SneakyMailer starts off with web enumeration, where we discover a list of email addresses and send them phishing mails. One of the users triggers the link and drops his creds via a POST request. Usi...

HackTheBox — Buff Writeup

Buff is a quite easy box highlighting the basics of enumeration, where we discover a website running vulnerable software and exploit it using a publicly available exploit to get remote code exec...

HackTheBox — Tabby Writeup

Tabby was a user-friendly, easy-level box put together with interesting attack vectors. We start off with discovering Local File Inclusion (LFI) in a website and leverage it to expose credentials...