Posts

Jund Creativity Primer by alemilan19

Magic drafts - Tips and Tricks

Headless its a easy hackthebox machine that is vulnerable to xss in a contact form. Using that vulnerability we can grab a cookie and gain admin access to the web app. Following that we detect a command injection which allows the foothold into the machine. Inside the machine we gain root by exploiting a script containing a path hijack vulnerability.

Analytics is a easy hackthebox machine that explores a vulnerability in a service called metabase. After gaining foothold into a docker continer we get credentials used in both the database and the ssh. Inside the machine we use a vulnerability in a service called overlayfs to get root.

Breach Umbrella Corp’s time-tracking server by exploiting misconfigurations around containerization. Link - https://tryhackme.com/room/umbrella