Here are the slide deck for the Nullcon Talk me and Shreya presented. And here are the Demo videos for both semgroup and XSS bomb. XSS bomb in action
Shibboleth Writeup / Walkthrough Hack the box
TL;DR This is a walkthrough writeup on Shibboleth which is a Linux box categorized as medium difficulty on HackTheBox.The initial foothold was gained by dumping the IPMI password hashes through the asf-rmcp service running on UDP port 623 & leveraging these credentials to get code execution through the Zabbix server dashboard. Lateral privesc was made […]
Horizontall Writeup / Walkthrough Hack the box
TL;DR This is a walkthrough writeup on Horizontall which is a Linux box categorized as easy on HackTheBox. Primarily, the crux about rooting this was enumeration & CVE exploitation. The initial foothold was gained by enumerating and exploiting Strapi using CVE-2019-19609, and later the privilege escalation part was done using CVE-2021-3129. Walkthrough Horizontall Writeup: Scanning […]
Forge Writeup / Walkthrough Hack the box
TL;DR This is a walkthrough writeup on Forge which is a Linux box categorized as medium on HackTheBox. The initial foothold was gained by discovering and exploiting SSRF (Server-Side Request Forgery) in a file upload functionality to access an internal sub-domain which revealed the FTP credentials using which we were able to read the SSH […]
Previse Writeup / Walkthrough Hack the box
TL;DR This is a walkthrough writeup on Previse which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by discovering and exploiting command injection in POST request parameter, meanwhile the privilege escalation part was done using PATH variable exploitation. Overall an easy & beginner friendly box. Walkthrough Previse Writeup: Scanning […]
Delivery Writeup / Walkthrough HackTheBox
TL;DR This is a walkthrough writeup on Delivery which is a Linux box categorized as easy on HackTheBox, created by our messiah Ippsec. This box has Mattermost and osTicket running on it. The initial foothold was gained by impersonating email to read the Mattermost server chat which revealed the SSH credentials. Privilige Escalation required us […]
Cap Writeup / Walkthrough Hack the box
TL:DR This is a walkthrough writeup on Cap which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by exploiting the parameter tampering vulnerability on the webpage, that exposed the credentials for FTP, which were also valid for SSH due to password reusability. Privilege escalation was rather easy on this […]
Shocker Writeup / Walkthrough Hack the box
TL;DR This is a walkthrough writeup on Shocker which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by discovering & exploiting the ShellShcok vulnerability to gain the user shell. Priviliege escalation part was relatively easy and was done by exploiting the SUDO permissions for the user. Overall, this was […]
BountyHunter Writeup / Walkthrough Hack the box
TL;DR This is a walkthrough writeup on BountyHunter which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by discovering and exploiting XXE vulnerability, meanwhile the privilege escalation part was interesting and required us to do some basic code analysis. This was my first ever Active Box which I rooted, […]
What are Kubernetes Pods and how to manage them?
Kubernetes pods are the smallest units in the ecosystem. A pod is basically a container of containers. Kinda confused? yeh! Containers or Docker containers contain your app and know how to deploy it in an ideal situation. Before Kubernetes can help you scale your app to your desired amount of users. We need to have […]