0niSec

Latest Posts

• Aug 3, 2024

  iClean

  xss ssti weakpasswords sessionjacking htb writeup

  A medium rated Linux box that involves exploiting a Server-Side Template Injection (SSTI) vulnerability to get a reverse shell as a low level user. Further privilege escalation requires finding a weak password in a database table, which leads the attacker to another user. Root user is obtained by exploiting a vulnerability in qpdf.

• Aug 2, 2024

  Shocker

  writeup htb gtfobins sudo cve shellshock

  An easy rated Linux machine that demonstrates the Shellshock vulnerability. Once the vulnerability is exploited, the attacker is able to escalate privileges through the perl binary.

• Aug 1, 2024

  Blue

  htb writeup cve metasploit eternalblue ms17-010 smb

  An easy rated Windows machine that demonstrates the critical vulnerability in Windows SMBv1, also known as MS17-010 or 'EternalBlue'.

• Jul 27, 2024

  PermX

  writeup htb reusedpasswords sudo cve chamilo fileupload

  An easy rated linux machine that is found to be running a vulnerable version of Chamilo that allows the attacker to perform an unathenticated remote file upload. The attacker uses this to obtain a reverse shell onto the machine. Privilege escalation is obtained from exploiting a custom bash script found in /opt.

• Jul 27, 2024

  WifineticTwo

  writeup htb wireless openplc cve rce psk pixiedustattack

  A medium rated Linux machine that has the attacker exploit an authenticated RCE CVE to obtain user shell. Pivoting from there, the user will need to scan for other wireless networks and obtain a PSK using a Pixie Dust attack. After generating a WPA passphrase and connecting to the wireless network, the attacker is able to connect via SSH.