
Beautiful Styles

Markdown Parser

Grey CTF Survey

Fearless Concurrency

Baby Web

HackTheBox - Stocker

The machine begins with subdomain enumeration, which discovers dev.stocker.htb, a host susceptible to a NoSQL injection (NoSQLi) login bypass. Exploiting this vulnerability granted access to the cart checkout page, which was found to be vulnerable to cross-site scripting leading to local file inclusion (XSS2LFI)...

HackTheBox - MetaTwo

The machine begins with web enumeration, which led to the discovery of a vulnerable version of WordPress (5.6.2) and a vulnerable plugin, Booking Press 1.0.10. The plugin was found to be susceptible to SQL injection, which allowed the extraction of WordPress user cre...

HackTheBox - UpDown

This machine begins with web enumeration, which discovers /dev/.git. Since the .git directory is exposed, we are able to view the logs and commits of the repository, providing us with the header needed to access dev.siteisup.htb (siteisup.htb is found on the index page) and the source code of checker.php, a p...

HackTheBox - Blunder

This machine begins with web enumeration, which discovers the Bludit CMS running. It is vulnerable to a brute-force protection bypass and to a directory traversal plus image upload code execution vulnerability. With cewl, a password wordlist is generated to brute-force the user fergus (revealed in todo.txt). Wit...

HackTheBox - RedPanda

This machine begins with web enumeration, which discovers /search, an endpoint susceptible to an SSTI2RCE exploit (server-side template injection leading to remote code execution) due to insufficient input sanitization, allowing us to obtain a low-privilege www-data shell. For the privilege escalation part, pspy is used to snoop on background processes, di...