Don't just sanitize but also escape – A fable of sanitize_text_field
The post discusses an interesting XSS finding that occurred even though the filter was used. It also covers the mistakes a developer makes while sanitizing input.
Aragog is a medium-level Linux machine from HackTheBox. The initial foothold is based on exploiting XXE, and the privilege escalation requires logging the password by creating a backdoor.
Waldo is a medium Linux machine from HackTheBox. The initial foothold on the box is based on understanding a bunch of .php files that lead to a sensitive file read, such as the SSH private key. Once inside the box, Linux enumeration reveals that Docker is running. The user of the Docker container needs to be guessed to get successful entry to…