Control is a 40 pts box on HackTheBox and it is rated as “Hard”. It has an admin page that is supposed to be accessible for only one ip but an attacker is able to bypass it with a http header. Th...
HackTheBox-Traverxec Çözümü
Traverxec HackTheBoxta 20 puanlık “Kolay” kategorisinde bir makine. Makine üzerinde nostromo adında bir webserver çalışıyor ve nostromonun bu versiyonu Uzaktan Kod Çalıştırmaya karşı zafiyetli. S...
HackTheBox-Traverxec Writeup
Traverxec is a 20 pts box on HackTheBox and it is rated as “Easy”. It has a web server running called nostromo. This version of nostromo is vulnerable to Remote Code Execution. By abusing this vu...
HackTheBox-Mango Çözümü
Mango HackTheBoxta 30 puanlık “Orta” kategorisinde bir makine. Makine üzerinde mongodb injection atağına karşı zafiyetli bir uygulama çalışıyor. Bir saldırgan login sayfasını atlatmak yerine veri...
HackTheBox-Mango Writeup
Mango is a 30 pts box on HackTheBox and it is rated as “Medium”. It has an application running that was vulnerable to mongodb injection. An attacker needs to extract data from db rather than bypa...
HackTheBox - Registry Çözümü
Registry HackTheBoxta 40 puanlık “Zor” kategorisinde bir makine. Makine üzerinde kolay, tahmin edilebilir bir şifre kullanılmış private docker registry sunucusu mevcut. Bu sunucudaki docker imajı...
HackTheBox - Registry Writeup
Registry was a 40 pts box on HackTheBox and it was rated as “Hard”. It had a private docker registry that was protected with a common password allowing attackers to pull the docker image. Docker ...
Manage Engine ServiceDesk Plus Version 9.3 ATO CVE-2019-10008
Overview CVE-2019-10008 Allows any user of ServiceDesk Plus to authenticate as another user. Bypassing Authentication Guest to NT AUTHORITY/SYSTEM SHELL Ata Hakçıl, Melih Kaan Yıldız Platform all...
Recently Updated