Dasor

CS student passionate for hacking

Posts by Year

2023 7
2022 24
2021 1

2023

MonitorsTwo hackthebox writeup

May 30, 2023

Easy linux machine in which we hack cacti with a CVE, get credentials from a SQL database, and exploit a docker CVE to escalate privileges

PC hackthebox writeup

May 26, 2023

Easy linux machine in which we hack gRPC via SQL injection and escalate privileges thanks to a pyload CVE

hackthebox gRPC SQL injection CVE pyload

Busqueda hackthebox writeup

April 11, 2023

Easy linux machine in which we exploit a known vulnerability,find plaintext credentials, and abuse a relative path

hackthebox RCE git gitea docker

Inject hackthebox writeup

April 07, 2023

Easy linux machine in which we exploit a CVE found plaintext credentials adn privesc with ansible

hackthebox cron ansible LFI RCE

Agile hackthebox writeup

April 07, 2023

Medium linux machine in which we get LFI forge our own flask token, exploit Chrome in debug mode and use a sudo CVE to privesc

hackthebox cron LFI flask

Ambassador hackthebox writeup

January 18, 2023

Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root

hackthebox MySQL git port forwarding grafana consul

Stocker hackthebox writeup

January 17, 2023

Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration

hackthebox fuzzing NoSQL injection XSS LFI sudo

2022

Soccer hackthebox writeup

December 27, 2022

Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat

hackthebox fuzzing MySQL SQL injection websocket doas

Impossible Password hackthebox writeup

December 15, 2022

Simple yet didactic reverse engineering challenge

hackthebox challenge reverse engineering

Precious hackthebox writeup

December 09, 2022

Really easy linux machine in which we exploit a pdfkit RCE, find plaintext credentials and escalate thanks to a .yaml file

hackthebox RCE

Metatwo hackthebox writeup

December 05, 2022

Easy linux machine in which we exploit a couple wordpress vulneravilties and crack a couple hashes

hackthebox SQL injection ftp wordpress

Shoppy hackthebox writeup

November 06, 2022

Easy linux machine in which we inject NoSQL code, crack a password, reverse engineer a binary and escalate through docker

hackthebox NoSQL fuzzing reverse engineering docker

Photobomb hackthebox writeup

October 30, 2022

Easy linux machine in which we find exposed credentials, exploit a RCE and privilege escalate with PATH manipulation

hackthebox PATH fuzzing RCE

Archangel tryhackme writeup

October 09, 2022

Easy linux machine in which we exploit and LFI, poison logs to get RCE, and escalate with both crontab and $PATH

tryhackme LFI log poisoning cron PATH

How to Privesc with java sudo/SUID

September 25, 2022

Short post in which I explain how to use java with sudo or with the SUID bit to privilege escalate

real life java sudo SUID

Road tryhackme writeup

September 11, 2022

Medium linux machine in which we exploit a non-secure change password functionality, upload malicious files, interact with mongodb and exploit insecure LD_PRELOAD

tryhackme LD_PRELOAD mongodb uploading files

Death note vulnhub writeup

September 01, 2022

Very easy linux machine in which we upload a malicious php plugin to wordpress, bruteforce a user’s password and find unexpected files in the system

vulnhub bash scripting bruteforcing wordpress

What I’ve learned in 3 months of hacking

August 29, 2022

In this article I will share my experience of learning some hacking during my 3 months of summer vacation and criticly analyze if I took the right path. Then I will try and give my best advice.

ctf hackthebox tryhackme vulnhub picoctf