Do you know how to make a PoC after finding a subdomain takeover in an AWS service? In this post I’ll share some insights and tips along with how to create a nice proof of concept so that our bugs get accepted and paid!
HackTheBox: Academy write-up
Attention to requests may result in becoming admin sometimes and an exposed Laravel APP key will always give you RCE! This write-up shows how to do that and more things like exploiting Composer to become root
HackTheBox: Bucket write-up
S3 and DynamoDB together in a box that will make you learn a lot about AWS but above all read documentation, a lot of documentation!
Subdomain Takeover in Azure: making a PoC
Most (if not all) bug bounty hunters know what a subdomain takeover is and what its impact is, but do you know how to actually take over the domain and make a working proof of concept?
HackTheBox: Passage write-up
Attention to detail was never so important! Passage will make those details the key to the multiple privilege escalations needed to become root! Check it out!
HackTheBox: SneakyMailer write-up
Bits of automation with Python packages! Really cool box to learn different techniques, like trying to use an SMTP server to send emails using gathered data. Recommend it 100%
HackTheBox: Fuse write-up
Windows box and enumeration! Fuse combines a thorough exploration of different services to gather information and then uses a password spraying attack to get a foothold in the system; after that, a permissions misconfig allows us to get admin!
HackTheBox: Blunder write-up
Do you like finding rabbit holes? If so, this machine is for you. And don’t forget that googling for exploits is crucial!
HackTheBox: Cache write-up
Machine with different virtual hosts, one of them with a vulnerable OpenEMR instance. From there, Docker and Memcached are the way to root.
HackerOne h1-2006 CTF write-up
Here is my write-up of how I solved HackerOne h1-2006 CTF, definitely learned a lot of new things!