HackTheBox - Photobomb

Photobomb is a fun box on Hack The Box. We first find hardcoded credentials in a JavaScript file and use them to authenticate with HTTP basic auth to the image resizing tool. That tool has a command injection flaw, which gives us a reverse shell. After gaining initial access as the user wizard, we find a cleanup.sh script that can be run as root. We then abuse the redirection operator > to clobber the /etc/passwd file and escalate our privileges by adding user wizard to group root.

February 11, 2023 · 7 min · Aditya Telange
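The command injection in the image resizing tool is the classic consequence of splicing request parameters into a shell command string. The Python below is an added example, not code from the box or from the write-up: it assumes a hypothetical resize handler that shells out to ImageMagick's convert with a filename and a WxH dimensions parameter (the real parameter names and paths are not shown on this page), shows how /bin/sh would tokenize an injected dimensions value, and gives the hardened form: strict allow-list validation plus an argv list passed to subprocess with no shell involved.

```python
import re
import shlex
from pathlib import PurePosixPath

# Constructed example of a resize handler; the box's own code is not shown here.
IMAGE_DIR = PurePosixPath("/var/www/images")          # assumed upload directory
FILENAME_RE = re.compile(r"[A-Za-z0-9_-]+\.(?:jpe?g|png)")  # no '/', '..', or shell metachars
DIMENSIONS_RE = re.compile(r"\d{1,4}x\d{1,4}")        # e.g. 800x600


def build_vulnerable_command(filename: str, dimensions: str) -> str:
    """Splice untrusted request parameters straight into a shell string.
    Anything the user puts in `dimensions` becomes part of the command line."""
    return (f"convert {IMAGE_DIR / filename} -resize {dimensions} "
            f"{IMAGE_DIR / ('resized_' + filename)}")


def shell_tokens(command: str) -> list:
    """Tokenize the way a POSIX shell would, with ';', '|', '&', '<', '>' and
    parentheses emitted as separate operator tokens, so you can see exactly
    where the intended command ends and the injected one begins."""
    return list(shlex.shlex(command, punctuation_chars=True))


def build_safe_command(filename: str, dimensions: str) -> list:
    """Hardened form: validate both parameters against a strict allow-list and
    return an argv list for subprocess.run(argv) (shell=False), so even a value
    that passed validation could never be interpreted by a shell."""
    if not FILENAME_RE.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    if not DIMENSIONS_RE.fullmatch(dimensions):
        raise ValueError(f"rejected dimensions: {dimensions!r}")
    src = IMAGE_DIR / filename
    dst = IMAGE_DIR / f"resized_{filename}"
    return ["convert", str(src), "-resize", dimensions, str(dst)]


if __name__ == "__main__":
    # Constructed injection payload: terminates the -resize argument, then runs `id`.
    payload = "3000x2000;id"
    print(shell_tokens(build_vulnerable_command("photo.jpg", payload)))
    try:
        build_safe_command("photo.jpg", payload)
    except ValueError as exc:
        print("hardened handler:", exc)
```

Two independent controls are at work: the allow-list rejects the payload before any process is started, and the argv form means that even if validation were loosened later, a `;` or `$(...)` in a parameter would reach convert as a literal string rather than the shell.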

Merging AOSP Security Patches into Custom ROMs

Learn how Android Custom ROM developers merge AOSP security patches.

January 28, 2023 · 3 min · Aditya Telange

Primer on HTTP Security Headers

What are HTTP headers? HTTP headers are key-value pairs sent along with HTTP requests and responses. Let us take an example with the request (left) and response (right) below: In the above snapshot, we can see an HTTP request being sent to a host. Along with that request and response we see Key: Value pairs; these are HTTP headers. They look similar to the YAML format. ...

December 4, 2022 · 10 min · Aditya Telange
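Because headers are plain Key: Value lines, a few lines of code are enough to parse a response and audit which security headers it carries. The Python below is an added example, not code from the primer: it parses a constructed HTTP/1.1 response (not captured from any real site), stores header names case-insensitively (header names are case-insensitive per RFC 9110, unlike YAML keys), and then checks for the commonly recommended security headers, going slightly beyond the excerpt above by also validating the Strict-Transport-Security max-age. The six-month minimum is an assumed policy threshold, not something the primer states.

```python
from typing import Dict, List, Optional, Tuple

# Constructed HTTP/1.1 response used as sample input; not a capture from a real host.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Sun, 04 Dec 2022 10:00:00 GMT\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"x-frame-options: DENY\r\n"                     # lowercase on purpose: still valid
    b"Strict-Transport-Security: max-age=300\r\n"    # present, but far too short
    b"Server: nginx\r\n"
    b"\r\n"
    b"<html>...</html>"
)

HSTS_MIN_MAX_AGE = 15552000  # assumed policy: at least ~6 months, in seconds


def parse_response(raw: bytes) -> Tuple[str, Dict[str, List[str]], bytes]:
    """Split a raw response into status line, headers and body.
    Header names are lower-cased so lookups are case-insensitive; repeated
    headers are kept as a list instead of silently overwriting each other."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_line, headers, body


def hsts_max_age(value: str) -> Optional[int]:
    """Extract the max-age directive from a Strict-Transport-Security value."""
    for directive in value.split(";"):
        name, _, number = directive.strip().partition("=")
        if name.strip().lower() == "max-age" and number.strip().isdigit():
            return int(number.strip())
    return None


def audit_security_headers(headers: Dict[str, List[str]]) -> List[str]:
    """Return one finding per missing or weak security header."""
    findings: List[str] = []

    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("strict-transport-security: missing")
    else:
        age = hsts_max_age(hsts[0])
        if age is None or age < HSTS_MIN_MAX_AGE:
            findings.append(f"strict-transport-security: max-age {age} below {HSTS_MIN_MAX_AGE}")

    csp = headers.get("content-security-policy", [])
    if not csp:
        findings.append("content-security-policy: missing")

    if headers.get("x-content-type-options", [""])[0].lower() != "nosniff":
        findings.append("x-content-type-options: missing or not 'nosniff'")

    # Clickjacking protection can come from X-Frame-Options or CSP frame-ancestors.
    framing_ok = "x-frame-options" in headers or any("frame-ancestors" in v.lower() for v in csp)
    if not framing_ok:
        findings.append("x-frame-options: missing and no CSP frame-ancestors directive")

    if "referrer-policy" not in headers:
        findings.append("referrer-policy: missing")

    return findings


if __name__ == "__main__":
    status, hdrs, _ = parse_response(SAMPLE_RESPONSE)
    print(status)
    for finding in audit_security_headers(hdrs):
        print(" -", finding)
```

Run against the sample response, the lowercase x-frame-options header is correctly recognised, while the short HSTS max-age and the absent CSP, X-Content-Type-Options and Referrer-Policy headers are each reported.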

Image Zoom-In effect with HUGO

In this blog post we will look at how to add a zoom-in effect to images for better visibility. We will be using Hugo's Markdown Render Hooks with HTML & CSS, implementing a solution that needs no JavaScript. View the outcome 👇 About Markdown Render Hooks Hugo offers really handy Markdown Render Hooks. These allow custom templates to override Markdown rendering. We will be using the render-image hook to process the images in a post as per our needs. The render-image hook lives at the location shown below. ...

September 10, 2022 · 3 min · Aditya Telange

HackTheBox - Legacy

Legacy is a relatively easy box running SMB on a Windows XP (2000) OS. We find the exploit with Metasploit and directly get access as the privileged user NT AUTHORITY\SYSTEM.

June 3, 2022 · 4 min · Aditya Telange