Working with Linux Capabilities | Cap HackTheBox
Linux capabilities allow for a nuanced approach to the security architecture, breaking down the absolute root privilege into specific individual permissions. This division provides a detailed control mechanism as opposed to the generic superuser model. “Cap” is a HackTheBox machine designed to test one’s grasp of pcap files and SSH, but also emphasizes the importance […]
Exploiting HeartBleed for OSCP | Valentine HackTheBox
HackTheBox presents “Valentine”, a vulnerable machine centered around OpenSSL’s well-known HeartBleed issue. This challenge pushes us to grapple with essential security concepts. The path to the flags involves decoding messages and navigating Linux for privilege escalation. In this walkthrough, I’ll share my approach to Valentine, highlighting the steps and strategies I used. Let’s dive into […]
Heartbleed for Attacking OpenSSL
HeartBleed is a bug in the OpenSSL library that allows users to access restricted memory addresses on a server. This enables unprivileged users to reach data to which they wouldn’t usually have access. This data includes confidential information such as usernames and passwords, along with a server’s private key. Preface: Let’s quickly define a few […]
HTML Injection – Platform for Phishing Users
HTML Injection is a type of attack that allows a malicious user to inject arbitrary HTML content into a site’s webpage. HTML injection is comparable to a limited XSS attack where malicious users can only enter HTML tags. When a web application does not properly handle user input, attackers can supply valid HTML code, adding […]