blog.ikuamike.io

taeluralexis.com
In this writeup, we'll exploit a Linux machine on Hack The Box with CVE-2023-46604, leveraging Java deserialization for remote code execution.

www.justus.pw
[AI summary] The user successfully gained access to a system by exploiting a Heartbleed vulnerability, decrypted an RSA key using a password obtained from memory, and then used that key to log in as the 'hype' user. After enumerating the system, they accessed a Tmux session to gain root access and retrieved the root flag.

0xdf.gitlab.io
Active was an example of an easy box that still provided a lot of opportunity to learn. The box was centered around common vulnerabilities associated with Active Directory. There's a good chance to practice SMB enumeration. It also gives the opportunity to use Kerberoasting against a Windows Domain, which, if you're not a pentester, you may not have had the chance to do before.

www.sentinelone.com
Analysis suggests that CVE-2024-3094, a backdoor deliberately planted into XZ Utils, may have been only the first on the threat actor's agenda.