THM - Hammer
In this lab, we performed a brute-force attack to crack a 4-digit PIN with a rate limit of 8 attempts. Once the PIN was successfully cracked, we changed the account password. Afterward, we crafted a new JWT token by exploiting the kid parameter, pointing it to a file path containing a key. Using this key, we signed the token, bypassing authentication and gaining unauthorized access.
BYUCTF 2024 - Random (web)
Learn how to generate a JWT using HS256 and a SHA-256 hashed secret key from the app's start time. This guide covers creating the token, using it as a session cookie, and accessing protected files via an API, highlighting potential security flaws.
BYUCTF Random writeup
HTB - Keeper
Keeper involves exploiting a helpdesk running Request Tracker. Using default creds, I accessed a user profile, found a memory dump from KeePass, and exploited CVE-2022-32784 to extract the master password. This led to a root SSH key, which I converted to OpenSSH format to gain root access.
Keeper writeup
HTB - Cozy Hosting
HackTheBox CozyHosting will teach you about Spring Boot active sessions, a specific wordlist for content discovery, and an encoded payload to get a shell via OS command injection.
CozyHosting writeup
Monitors Two
The MonitorsTwo lab is about Cacti 1.2.22 (CVE-2022-46169), getting info from important files, a reused password, /sbin/capsh SUID and the Docker engine (Moby) flaw (CVE-2021-41091).
Monitors Two writeup
HTB - SAU
The HackTheBox SAU lab is about SSRF, request-baskets, Maltrail (v.053) and CVE-2023-27163. You'll learn how to use GTFOBins to get a shell, bypassing Linux security restrictions.
SAU writeup
THM - What's your name?
In this challenge I managed to get the moderator and admin's cookie via XSS/CSRF.
What's your name writeup