How to do Privilege Escalation with JWT
Using a weak password can always be problematic. Lets see how selecting a weak secret key can lead to privilege escalation in JWTs
0 Comments
May 23, 2020
The basic concepts of JWT
Nowadays JWTs are widely used as an authorization standard and allows for secure information transmission. There are a lot of features that make JWT the first choice to implement.So let's dive into the blog post to uncover the basic terminologies of JWT, learn to build JWT from scratch and know about its working. What is JWT?? It stands for JSON Web Tokens.…
May 22, 2020
Cache : Hackthebox Walkthrough
Cache is medium linux box. Initial foothold is based on CVE of openEMR and privlege escalation requires exploiting the docker group member.
May 17, 2020
Abusing SeImpersonatePrivilege on users to become SYSTEM
Hello Everyone! This is Shreya Pohekar. This is a follow-up blog from jeeves from hackthebox. Jeeves is a medium windows box. The writeup can be found out here. This blog post depicts yet another way to priv esc to Administrator. The pre-requisite is to have a user shell.When I ran a whoami /priv , It listed all the privileges the user has.…
May 8, 2020
Jeeves : Hackthebox walkthrough
Hey fellow Hackthebox users!! This is Shreya Pohekar. This blog post is gonna walk you through Jeeves that’s a medium windows machine. The initial foothold on the box is based upon the unauthenticated Remote code execution on the jenkins. The key is just to find the right direcotry to hit. Once inside the box, there is a keepass database stored somewhere. Decrypt…
May 7, 2020
Control : Hackthebox Walkthrough
Hey fellas!! This is Shreya Pohekar and today we’ll be walking through Control from Hackthebox. It was a hard windows machine. The initial foothold (wwwroot) to the machine exploited a sql injection, where I uploaded a web shell using the vulnerability. Getting to the user was pretty straightforward as the sqlmap listed password hashes. Privilege escalation to root required us to read…
May 3, 2020
HackTheBox : Traverxec Walkthrough
Hello all! This is Shreya Pohekar. Today we’ll be doing traverxec from hack the box. This box recently retired and is available for free in the retired machines section. So if you got stuck somewhere while the machine was active, follow the walkthrough and submit the flags. The machine is an easy Linux box that requires you to do a bit of…
April 27, 2020
HackTheBox : Magic Walkthrough
An easy machine from HacktheBox. Let's grab the root flag.....
April 27, 2020
Understanding insecure deserialization
Hello everyone!! Serialization is a concept that is being implemented for very long, but the vulnerability has got much traction in recent years. In the OWASP top 10 list, 2017, insecure deserialization is positioned at 8th which has furthermore attracted hackers and pentesters to explore on the vulnerability. So lets deep-dive in understanding what exactly is serialization. It is a process of…
April 27, 2020
Internet of Things :Is It Secure Enough?
The new gen tech that sets to revolutionize the theory of gadegts. Is it secure enough? Lets dive in to check out.
April 27, 2020
How to setup DVWA on kali linux
Setup you own lab to practice owasp top 10 using DVWA
April 27, 2020