Posts
All the things I've posted.

HTB • CTF • Sea • Write-Up
Published: at 10:39 AM
Hack The Box Sea write-up: use XSS to get RCE in WonderCMS, pivot into a user shell, then abuse a log-viewer LFI behind HTTP Basic auth to read /root/root.txt directly.

High Available ELK Stack
Published: at 05:16 PM
Guest post by Telman: detailed walkthrough for building a highly available ELK stack on GCP with three Elasticsearch nodes, Logstash, Kibana and Filebeat sending logs.
Author: Telman Yusifov

HTB • CTF • Resource • Write-Up
Published: at 04:00 PM
Hack The Box Resource write-up: PHAR-based ZIP upload to get RCE, MySQL creds from the app, secrets in a HAR file, and SSH certificates to move from containers to the host.

Ngrok Use Cases
Published: at 04:00 PM
Ngrok examples I actually use: exposing local web servers, getting reverse shells, pivoting with chisel, bypassing restrictions and quickly sharing demos with others.