Posts tagged #rce

12 posts

writeup

HTB: blazorized Writeup

blazorized is a Hard-difficulty Windows domain controller machine from HackTheBox.

#htb #writeup #windows
writeup

2024 Business CTF - Vault of Hope: Submerged

Full penetration test of web server with SPIP CMS exploitation, leading to initial access and system compromise

#htb #ctf #fullpwn
writeup

HTB: wifinetictwo Writeup

wifinetictwo is a Medium-difficulty Linux machine featuring OpenPLC Runtime exploitation and WiFi security attacks.

#htb #writeup #linux
writeup

2024 Cyber Apocalypse: SerialFlow

Exploit memcached injection and Python pickle deserialization for RCE

#htb #ctf #web
writeup

2024 Cyber Apocalypse: Web SerialFlow

Exploit serialization vulnerabilities to achieve RCE through pickle deserialization

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Web Pumpkinspice

Command injection vulnerability in localhost-restricted endpoint

#htb #ctf #web
writeup

HTB Hack The Boo Practice: Web Spellbound Servants

Pickle deserialization exploitation for remote code execution

#htb #ctf #web
writeup

2023 Business CTF: Lagmon

Exploit WordPress plugin vulnerabilities and LLM prompt injection for RCE

#htb #ctf #fullpwn
writeup

2023 Business CTF: Web Watersnake

Exploit a Java deserialization vulnerability in a water level monitoring application.

#htb #ctf #web
writeup

2023 Cyber Apocalypse: Hijack

Exploit Python deserialization vulnerabilities in YAML and Pickle

#htb #ctf #misc
writeup

2022 Hack The Boo: Evaluation Deck

Code injection via unsafe use of Python compile() and exec() in arithmetic evaluation

#htb #ctf #web
writeup

2022 Hack The Boo: Spookifier

Server-Side Template Injection (SSTI) in Mako template engine leading to RCE

#htb #ctf #web