Bjarne Verschorre

../easy/

#easy

Editorial

SSRF exposes credentials, latteral movement is possible via past git commits, privesc by exploiting GitPython.

📅 Jun 20, 2024
⏲️ 5 min
🏷️ #easy #hackthebox

Usage

Webpage with SQLi and file upload vulnerability. Escalate to root by abusing a script that runs as sudo.

📅 Jun 10, 2024
⏲️ 4 min
🏷️ #easy #hackthebox

Perfection

A Ruby webserver with a template injection vulnerability, leading to a reverse shell and brute-forcing hashes for a privilege escalation to root.

📅 Jun 5, 2024
⏲️ 4 min
🏷️ #easy #hackthebox

Headless

Simple webserver with a contact form vulnerable to XSS. Escalate to root by abusing a script that runs as sudo.

📅 Jun 4, 2024
⏲️ 4 min
🏷️ #easy #hackthebox

Board Light

Simple webserver with a CRM software vulnerable to RCE. Escalate to root by abusing the enlightenment_sys SUID binary.

📅 Jun 3, 2024
⏲️ 4 min
🏷️ #easy #hackthebox

Hacker vs Hacker

Someone has compromised this server already! Can you get in and evade their countermeasures?

📅 May 6, 2024
⏲️ 5 min
🏷️ #easy #tryhackme