Exploiting Gitlab 12.8.1 – Laboratory @ HackTheBox
We are going to solve Laboratory, which is an easy linux machine on HackTheBox with a CVE on Gitlab for user and path hijacking on a setuid binary for root.
17Apr
Related Posts
07Mar
Bankrobber @ HackTheBox
Bankrobber is a 50-point machine on hackthebox that involves exploiting a cross site scripting vulnerability to gain access to an... read more
16May
Patents @ HackTheBox
Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document... read more
10Apr
APT @ HackTheBox
APT is a 50-point machine on HackTheBox which involves getting the IPv6 Address via MS-RPC, credential spraying, and reading the... read more
21Nov
Buff @ HackTheBox
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a... read more
16Mar
Carrier @ HackTheBox
Carrier is a nice, medium difficulty machine on hackthebox.eu featuring information retrieval via snmp, command injection and bgp hijacking. The... read more
28Apr
Bastion @ HackTheBox
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving... read more
05Dec
Stealing Hashes with Responder, GPO Permissions & Unintended Ways – Vault @ PG Practice
We are solving Vault from PG Practice. This machine involves planting malicious files on an SMB share to steal hashes.... read more
14Mar
Postman @ HackTheBox
Postman is a 20-point machine on hackthebox, that involves using redis to write an ssh key to disk, cracking the... read more
29May
XSS, Deserialization & SeImpersonate – Cereal @ HackTheBox
We are solving Cereal, a 40-point machine on HackTheBox. For user, we will exploit a pretty tricky deserialization vulnerability in... read more
16May
SwagShop @ HackTheBox
SwagShop is a very easy machine on hackthebox, involving a public exploit and sudo abuse. read more