HackTheBox-Control Writeup
Control is a 40 pts box on HackTheBox and it is rated as “Hard”. It has an admin page that is supposed to be accessible from only one IP, but an attacker is able to bypass it with an HTTP header. Ther...
Traverxec is a 20-point machine in the “Easy” category on HackTheBox. A web server called nostromo runs on the machine, and this version of nostromo is vulnerable to Remote Code Execution...
Traverxec is a 20 pts box on HackTheBox and it is rated as “Easy”. It has a web server running called nostromo. This version of nostromo is vulnerable to Remote Code Execution. By abusing this vuln...
Mango is a 30-point machine in the “Medium” category on HackTheBox. An application vulnerable to MongoDB injection runs on the machine. Instead of bypassing the login page, an attacker...
Mango is a 30 pts box on HackTheBox and it is rated as “Medium”. It has an application running that was vulnerable to MongoDB injection. An attacker needs to extract data from db rather than bypass...
Registry is a 40-point machine in the “Hard” category on HackTheBox. The machine hosts a private Docker registry server protected by an easy, guessable password. The Docker image on this server...
Registry was a 40 pts box on HackTheBox and it was rated as “Hard”. It had a private Docker registry that was protected with a common password, allowing attackers to pull the Docker image. Docker im...
Overview: CVE-2019-10008 allows any user of ServiceDesk Plus to authenticate as another user. Bypassing Authentication Guest to NT AUTHORITY/SYSTEM SHELL Ata Hakçıl, Melih Kaan...