Dasor’s Blog

Jangow:1.0.1 vulnhub writeup

August 22, 2022

Easy linux machine in which we exploit a RCE and an old linux version

vulnhub bash scripting fuzzing ftp

August 15, 2022

Easy linux machine in which we bruteforce credentials and abuse a SUID binary

vulnhub wordpress fuzzing bruteforce

August 12, 2022

Medium linux machine in which we exploit flask-JWT we create a Bash script, exploit a RCE and get root with MySQL

hackthebox JWT flask MySQL bash scripting

August 01, 2022

Medium linux machine in which we use SQL injection, exploit ipython and redis

hackthebox SQL injection ipython redis

July 27, 2022

Medium linux machine in which we exploit mpdf with a bash script and escalate with gdb thanks to a capability

hackthebox mpdf capabilities gdb bash scripting

July 15, 2022

Easy linux machine in which we enumerate dns, fuzz subdomains, exploit and LFI, and exploit fail2ban

hackthebox mpdf capabilities gdb bash scripting

June 26, 2022

Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file

hackthebox flask port forwarding code revision gitea git

June 26, 2022

Easy linux machine in which we exploit flask and edit a script that gets executed by root

hackthebox flask PATH

April 29, 2022

Easy linux machine in which we exploit an old wordpress version and the polkit exploit

hackthebox wordpress polkit

January 09, 2022

Easy linux machine in which we exploit strapi and forward a lavarel port to exploit it

hackthebox strapi port forwarding