-
BountyHunter Writeup [HTB]
BountyHunter is a Linux based machine that was active since July 24th to November 20th, on this machine we will find a XXE vulnerability and use it with a php wrapper to read internal files and get sensitive information, with the information gotten we will be able to connect to...
-
Seal Writeup [HTB]
Seal is a Linux based machine that was active since July 10th of 2021 to November 13th, on this machine we will access to a gitbucket instance which contains the configuration files of the webpage running on the machine, we will retrieive information about blocked pages by Nginx through ssl...
-
Explore Writeup [HTB]
Explorer is an Android based machine that was active since June 26th of 2021 to October 30th, on this machine we will exploit a vulnerability on an application running in the device to be able to list and download files inside of it, get a file with credentials and access...
-
dynstr Writeup [HTB]
Dynstr is a Linux based machine that was active since June 12th of 2021 to October 16th, we will find a service for giving dynamic DNS, just like noip and who claim to use the same API, testing it we find out that it is vulnerable to command injection, bypass...
-
Monitors Writeup [HTB]
Monitors is a Linux based machine that was active since April 24th of 2021 to October 9th, on this machine we will use a Local File inclusion vulnerability to get some credentials and enumerate subdomains available on the machine, with this credentials we will have access to a Cacti instance...