Writing a simple RISC-V emulator in C - Part 01
(Base integer, multiplication and csr instructions)
Here, we write a simple c implementation of a riscv core in plain C. The implementation is dead simple and following the riscv specs and basic comuter architecture. This would help us learn about the internal workings of the computer, all thanks to this open source ISA.
KEYWORDS: [ RISC-V, RISC, computer architecture, C ]
Exploiting Moodle vulnerabilities and FreeBSD custom pkg (Hackthebox - Schooled Writeup)
Exploiting stored XSS and privilege escalation from teacher to manager role on moodle. Creating a custom freebsd package to exploit sudo capabilities to pwn a machine
KEYWORDS: [ Moodle, stored XSS, freebsd, pkg ]
Generate a static site with posix compliable shell script, using find, grep, sed, pandoc and vim
Create your personal blogsite using a posix compliable shell script that uses pandoc to convert your markdown files to html. This generates a very minimal static site with just what you need.
KEYWORDS: [ ssg5, posix, static site ]
Hackthebox - Ophiuchi Writeup
A medium difficulty hackthebox machine, exploited using YAML deserialization vulnerablity for SnakeYAML used in java applications, and modifying wasm file to get root privileges.
KEYWORDS: [ YAML deserialization, SnakeYAML, Java, WASM, WAT, GO ]
Hackthebox - Tenet Writeup
A medium difficulty hackthebox machine, exploited using PHP object deserialization, and a basic root privesc.
KEYWORDS: [ PHP object deserialization RCE, wordpress, virtual hosting ]
Hackthebox - Passage Writeup
A medium difficulty hackthebox machine with some pretty basic enumeration, exploitation and privesc and finally a cool D-Bus vulnerability used for privilege escalation to root.
KEYWORDS: [ CuteNews CMS, hashcat, USBCreator D-Bus Privilege Escalation, CUPS, cupsd, printer, ssh port forward ]
Hackthebox - Cache Writeup
A medium difficulty hackthebox machine with some pretty basic enumeration, exploitation and privesc and finally a cool D-Bus vulnerability used for pr ivilege escalation to root.
KEYWORDS: [ ]
Hackthebox - Node / TryHackMe - Node1 Writeup
A medium difficulty linux box exploited using node.js-expressjs, mongodb, a custom backup program and a kernel privesc
KEYWORDS: [ nodejs, expressjs, backup, kernel exploit, john ]
TryHackMe - Djinn Writeup
An intermediate level box having an implentation of flask. Needs some python scripting and port knocking to get user. Root privilege escalation using lxc container for user with lxd group membership.
KEYWORDS: [ python scripting, port knocking, flask, lxc privesc, lxd, sudo permissions ]
TryHackMe - Wonderland Writeup
A linux machine having a number of techniques for privesc - python path hijack, environment PATH hijack, linux file capabilities.
KEYWORDS: [ linux privesc, python path hijack, environment path hijack, linux file capabilities, ghidra, fuzzing ]
Hackthebox - Nest Writeup
An easy machine in HTB standards, but is quite hard.
KEYWORDS: [ smbclient, smb, .NET, C#, VB, Visual Basic, dnSpy, .netfiddle, windows ]
Hackthebox - Book Writeup
A medium difficulty linux machine having real world like vulnerability
KEYWORDS: [ sql truncation attack, lfi, xss, dynamic js, dynamic xss, logrotate race condition, sql, linux, real world ]