Time 📅 Apr 15, 2021 · ☕ 9 min read · ✍️ M4t35Z My HackTheBox Time writeup (Jackson rce --> Weak permissions)
Overpass3 - Hosting 📅 Mar 11, 2021 · ☕ 9 min read · ✍️ M4t35Z dirfuzz --> backup --> gpg --> creds --> ftp --> pw reuse --> nfs
Feline 📅 Feb 20, 2021 · ☕ 12 min read · ✍️ M4t35Z A box featuring java deserialization multiple CVE's and a docker privesc
The Great Escape 📅 Feb 20, 2021 · ☕ 14 min read · ✍️ M4t35Z robots --> backup --> dev api --> command injection --> injection --> git log --> port knocking --> docker -H
Overpass2 - hacked 📅 Feb 7, 2021 · ☕ 4 min read · ✍️ M4t35Z A box about pcap analysis and a SUID binary
Archangel 📅 Feb 6, 2021 · ☕ 8 min read · ✍️ M4t35Z A box about getting an RCE via LFI and Log Poisoning. Then abusing a cronjob that used a file with weak permissions. And then analysing a suid binary which used relative paths instead of absolute paths which made it vulnerable to path injection.
hackerNote 📅 Feb 5, 2021 · ☕ 5 min read · ✍️ M4t35Z A box about user enumeration(I did it with the hint fuctionality), brute forcing and abusing a well-known sudo cve (pwfeedback bof)
Omni 📅 Jan 20, 2021 · ☕ 6 min read · ✍️ M4t35Z HackTheBox Omni writeup. A Windows IOT box, with PSCredential encrypted flags