SwagShop – HackTheBox writeup

Target IP: 10.10.10.140 Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Magento Explanation: Magento has a couple of remote code execution vulnerabilities allowing admin account creation and then code execution through admin…


Jeeves – HackTheBox writeup

Target IP: 10.10.10.63 Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Jenkins Script Console Explanation: The Jenkins management console is available without login, which resulted in code execution through the Script…


Bitlab – HackTheBox writeup

Target IP: 10.10.10.114 Exploitation Summary Initial Exploitation Vulnerability: Security through obscurity Explanation: Credentials are obscured in a JavaScript function within the website. Privilege Escalation Vulnerability: sudo git pull Explanation: hook script for post-merge…
