Participating in bug bounties is a very popular way for hackers to contribute to an organization's security and earn a few bucks from it. Organizations announce bounty programs to invite hackers to test and hack their online assets, which helps improve their systems through a crowdsourced model.
Ever thought of securing open-source software? Is it worth it? Let us understand it through this blog!
Time is a medium-rated machine on HackTheBox, created by egotisticalSW and felamos, which takes us through exploiting a Java deserialization vulnerability in a JSON validator web application and abusing a cronjob with a misconfigured file permission set to gain a root shell.
Information gathering is an integral part of cybersecurity. We need to enumerate our target to find any potential loopholes. As cybersecurity enthusiasts, we use different services like Shodan and Censys and perform things like fingerprinting, Google Dorking, etc. This blog will make you familiar with another great service, Spyse.
Passage is an interesting Linux machine. It takes us from exploiting an RCE in the CuteNews 2.1.2 content management system to exploiting the USB-Creator D-Bus interface to gain root access.
This box is created by egre55 and mrb3n. It takes us through exploiting a simple IDOR in a web application to escalate our privileges and access a task list, which reveals a virtual host for development & testing purposes. We then exploit an unserialize RCE in the PHP Laravel framework and receive a reverse shell. We then enumerate the machine to find credentials and sensitive files, and use misconfigured permissions on /usr/bin/composer to escalate to root on the machine.