Host Header The HTTP Host header is a request header that specifies the hostname and port number of the server that the client is requesting a resource from. The hostname is the domain name of the...
Noter HTB
Noter is a medium Linux box, which starts with decrypting the flask session cookie. The cookie has a weak password which can be obtained by brute forcing. There is a quiet enumeration to find out t...
Talkative HTB
On Talkative, we start with command injection in the Jamovi application, which gives us the shell in a docker container. In-home dir we found the omv file which contains usernames and passwords. We...
TimeLapse HackTheBox
Timelapse is an Easy Windows that starts with accessing the SMB share. In SMB shares there is a zip file. We crack the zip file using John. The ZIP files contain the encrypted PFX file. Again using...
HackTheBox: Late WriteUp
Late is the HackTheBox easy box. Which start with finding the subdomain. The subdomain has upload option, which converts the image to text. It is vulnerbale to STTI.Using it we get the RCE. For pri...
Cybox:1.1 Vulnhub Writeup
To solve Cybox 1.1, we’ll find subdomains. First, we create the user on the register.cybox.company subdomain, then with the email id of the created user we create another account on monitor.cybox.c...
M87 vulnhub Writeup
M87 was an easy box. It start with finding directories. Then we fuzz the hidden parameters. id parameter was vulnerable to sqli and file vulnerable to LFI. With this two vulnerabilities we find out...
Digitalworld Local: TORMENT Writeup
Torment is enumeration focued box. It’s like collecting pieces and forming a picture. We get ssh private key from ftp server, usernames from port 631 and 25, and password from Ngircd. With this inf...
Healthcare Vulnhub Writeup
Healthcare is an OSCP-like box. It starts with finding hidden dir openemr. Using SQL injection vulnerability in the web application I dump the database credentials. I can log in to FTP because the ...
Photographer: 1 Vulnhub Writeup
Photographer is an OSCP-like box. We found initial credentials for the Koken CMS by enumerating SMB shares. We upload a malicious php file to get a shell. In-home directory of daisa we found the us...