Just published: "HackTheBox - Travel"

Tl;Dr: The best designed box I did so far but quite tough. You start with Git repo extract. Then blind SSRF -> Object Deserialization exploit -> Memcached injection using Gopher -> RCE. And LDAP privesc for root.

🤯

hg8.sh/posts/travel/

aes-finder: Utility to find AES keys in running process memory. Works for 128, 192 and 256-bit keys.

github.com/mmozeiko/aes-finder

Impost3r: Impost3r is a tool written in C for stealing various passwords (ssh, su, sudo) on Linux.

github.com/ph4ntonn/Impost3r

Vulnerable-AD: Create a vulnerable Active Directory that allows you to test most Active Directory attacks in a local lab.

github.com/WazeHell/vulnerable

Oouch... that sucks...

RT @UnderTheBreach@twitter.com

Someone is claiming to have lost $16,000,000 (1400 Bitcoins) due to installing an old Electrum wallet version that is running malicious servers.

It's a wild wild west out there, be careful!

🐦🔗: twitter.com/UnderTheBreach/sta

Just published: "Quick - HackTheBox"

Tl;Dr: For user flag, HTTP3/Quic protocol, then Edge-Side Include injections to get a reverse shell.
For the root flag you pivot to server admin using race condition in printer app and find root creds in a conf file
hg8.sh/posts/quick/

Just published a writeup "Magic - HacktheBox"

Tl;Dr: Really cool box that required chaining common vulnerabilities. For user flag, SQLi to bypass login, upload blacklist bypass and creds reuse. For the root flag you had to hijack `$PATH` on SUID binary 💉
hg8.sh/posts/magic/

"How to contact Google SRE: Dropping a shell in cloud SQL"

Great finding and writeup 👍

Tl;Dr: Arbitrary file write using MySQL -> Parameter injection in mysqldump -> dropping shell using a reverse shell shared object included in a malicious database.

offensi.com/2020/08/18/how-to-

Just published: "HackTheBox - Traceback"

Tl;Dr: Nice beginner box 👍. To get user flag you have to exploit backdoor left by a hacker and some misconfiguration on a Lua interpreter to pivot user.
For the root flag you exploit writable motd folder.

hg8.sh/posts/traceback/

"0-day vulnerability in GOG Galaxy Client v2.0.19"

Tl;Dr: GOG Galaxy Client Local Privilege Escalation Deuce using DLL injection.

positronsecurity.com/blog/2020

"Just another Null Byte Poison via Unicode variant (MuPDF mutool RCE)"

gynvael.coldwind.pl/?id=732

"RootTheBox CTF Framework": A fast, efficient and lightweight (~100 KB) Capture The Flag framework (in Flask) inspired by the HackTheBox platform.

github.com/abs0lut3pwn4g3/RTB-
