• Doctor Writeup [HTB]

  06 Feb 2021

  Doctor is a Linux based machine that was active since September 26th of 2020 to February 6th of 2021, we will start this machine creating an account on its site and finding a SSTI vulnerability where the results are not reflected on the same page that we inject our payload,...

  HackTheBox    Server Side Template Injection    Splunkd    Python   

• Worker Writeup [HTB]

  01 Feb 2021

  Worker is a Windows based machine that was active since August 15th of 2020 to January 30th of 2021, we will start this machine cloning a repository stored on Subversion, on this repository we will get a subdomain where we will find an instance of Azure Devops, also on the...

  HackTheBox    Windows   

• SneakyMailer [HTB]

  28 Nov 2020

  SneakyMailer is a Linux based machine that was active since July 11th of 2020 to November 28 , on this machine we will have to make a phising campain to get the credendials of a user, then using those credentials we will access to their smtp server and find other...

  HackTheBox    Python   

• Blunder Writeup [HTB]

  17 Oct 2020

  Blunder is a Linux based machine that was active since May 30th of 2020 to October 17th, we will start this machine by bruteforcing its webpage for files and directories, we will find a todo list and an admin page, checking the admin page we find out that it is...

  HackTheBox    sudo   

• Cache Writeup [HTB]

  10 Oct 2020

  Cache is a Linux based machine that was active since May 9th of 2020 to October 10th, we will start the machine checking the webpage, there we will find a subdomain, on that subdomain we will find an instance of openEMR vulnerable to SQL Injection and RCE, once inside the...

  HackTheBox    SQL Injection    Docker