Hack the Box HTB: Devzat Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Devzat machine. To get a shell, we will abuse a code injection, which we found thanks to a .git directory on a subdomain. Then we
SSRF HTB: Forge Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Forge machine, which I enjoyed very much. To get a shell, we have to abuse a SSRF, where I will show you two ways to
WordPress HTB: Spectra Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Spectra machine, which is a really easy box. The way to get shell, is with some credentials that we can obtain from a file and
Php Object Injection HTB: Tenet Hello there my friends! My name is Dot. And I am here, to tell you, how I solved the Tenet machine, which I really liked. To get the first shell as www-data we will have to exploit a PHP object injection vulnerability, from there