Hi! You probably know about Hack the Box labs. It was my mistake to neglect it for a long time, but now I am going to have a lot of fun with that.

I don’t like spoilers, but I just can’t keep it inside me, so, here is a small list of Hack The Box lab exploits and techniques that impressed me and - in some degree - changed my life:

  1. Python cPickle deserialization misuse that leads to RCE.
  2. NodeJS Express Framework deserialization exploit - yeah, I really like deserialization issues :D
  3. Hearthbleed, of course. It was very nice to meet this vulnerability inside the HTB labs.
  4. NTFS Streams as the way to hide files and data using NTFS features.
  5. Difference between Python input() and raw_input() that may cause RCE vulnerability.

Just try Hack the Box by yourself and you will discover a whole world of nice hand-crafted machines to hack in your weekend.

Here is my badge, so, feel free to drop me a line: Hack The Box

Good Luck!

The end