Niraj Kharel

HTB - Interface

HTB — Interface. A detailed walkthrough for solving Interface on HTB. The box contains the vulnerability CVE-2022-28368 (RCE in Dompdf) and privilege escalation through arithmetic expression injection on...

HTB - Investigation

HTB — Investigation. A detailed walkthrough for solving Ambassador Box on Hack The Box. The box contains vulnerabilities like Arbitrary File Read CVE-2021-43798, weak encryption and Remote Code Execu...

HTB - BroScience

HTB — BroScience. A detailed walkthrough for solving BroScience Box on HTB. The box contains vulnerabilities like Path Traversal and PHP Deserialization, from which we can get low-privilege access. Enume...

Deserializing the Deserialization attack

I was solving one of the active boxes on HTB where I encountered an interesting deserialization vulnerability. Although I managed to solve the box, I was more curious about the exploitation of dese...

HTB - Mentor

HTB — Mentor. A detailed walkthrough for solving Mentor Box on HTB. The box contains vulnerabilities like information disclosure in SNMP, Command Injection, Hardcoded credentials and privilege escalat...

Web Pentesting - Recon

Subdomain Enumeration at first Subfinder Configure the necessary API Keys on ~/.config/subfinder/provider-config.yaml subfinder -d domainname.com -o subfinderoutput # Active Scanning subfi...

HTB - Forgot

HTB — Forgot. A detailed walkthrough for solving Forgot on Hack The Box. The box contains vulnerabilities like host header injection, cache deception, hardcoded credentials and Code injection in `s...

Android Pentesting - DeepLinks

One of the most frequently acknowledged vulnerabilities in bug bounty programs for Android and iOS apps is related to DeepLink, which can be exploited remotely. However, it should be noted that att...

HTB - Ambassador

HTB — Ambassador. A detailed walkthrough for solving Ambassador Box on Hack The Box. The box contains vulnerabilities like Arbitrary File Read CVE-2021-43798, weak encryption and Remote Code Executio...

AWS Pentesting - CloudGoat

cloudGoatAWS Configure the profile aws configure --profile <profile-name> IAM Privilege Escalation by Rollback Objective: Enumerate IAM policy versions and roll back to a previous ve...