A Linux server ready to be owned.

When a passionate minecraft player just wanted to share with the community, he didn't focus much on the security of his personal blog and server.

Even though this challenge is marked as easy, I had to use with interesting options of metasploit and find fun workarounds to make it work. This challenge was definitely a fun one.

An easy machine on HackTheBox, not much of a challenge but interesting nonetheless to get acquainted with the methodology and tools.

An easy exploit with metasploit for a very famous vulnerability.

An easy machine on HackTheBox, great to review the basics and start with metasploit and meterpreter!

In this retired challenge of the HackTheBox platform a professor has been a little careless in the development of his grading platform. By some miracle, we managed to get our hands on the grading platform source code. The goal is to exploit a code injection vulnerability to change our grades, or read the flag.

Challenge 16 - Set 2 of the Cryptopals Crypto Challenges. The goal is to modify a ciphertext to change our role to 'admin' and gain some cool privileges.

In this retired challenge of the HackTheBox platform we are supposed to exploit an insecure deserialization vulnerability. This challenge is part of the OWASP Top 10 tracks of the HackTheBox platform, with an easy difficulty. While the exploit in itself was relatively easy I thought the path to understanding how things worked deserved a write-up.

Challenge 14 - Set 2 of the Cryptopals Crypto Challenges. The goal is to decrypt some target bytes with an oracle function but not much control. This challenge has a lot of similarities with Challenge 12 but there is a twist. I made lots of cool diagrams in this write-up, go check them out!