python deserialization

Canape hackthebox Writeup
HackTheBox / Information Security / linux

Canape hackthebox Writeup

Hey pentesters! In this post blog post, I am gonna walk you through canape that is a medium linux machine from hackthebox. Summary The initial foothold on the box is based on python pickle injection that leads to remote code execution. Privilege escalation to user exploits a vulnerability in couchdb that can be leveraged to create a dummy user with _admin role.…

0 Comments
June 25, 2020
Understanding insecure deserialization
HackTheBox / Information Security

Understanding insecure deserialization

Hello everyone!! Serialization is a concept that is being implemented for very long, but the vulnerability has got much traction in recent years. In the OWASP top 10 list, 2017, insecure deserialization is positioned at 8th which has furthermore attracted hackers and pentesters to explore on the vulnerability. So lets deep-dive in understanding what exactly is serialization. It is a process of…

0 Comments
April 27, 2020