Hack the Box Challenges
Hi! You probably know about Hack the Box labs. It was my mistake to neglect it for a long time, but now I am going to have a lot of fun with that.
I don’t like spoilers, but I just can’t keep it inside me, so, here is a small list of Hack The Box lab exploits and techniques that impressed me and - in some degree - changed my life, lol:
- Python cPickle deserialization misuse that leads to RCE.
- NodeJS Express Framework deserialization exploit - yeah, I really like deserialization issues :D
- Hearthbleed, of course. It was very nice to meet this vulnerability inside the HTB labs.
- NTFS Streams as the way to hide files and data using NTFS features.
- Difference between Python input() and raw_input() that may cause RCE vulnerability.
Just try Hack the Box by yourself and you will discover a whole world of nice hand-crafted machines to hack in your weekend.
Here is my badge, so, feel free to drop me a line: