Cracking the Arctic Box.

tl;dr

• Adobe ColdFusion 8
• MS10-059
• CVE-2009-2265

Cracking Valentine box without using metasploit.

tl;dr

• HeartBleed Vulnerability
• CVE-2014-0160

How to crack Nibbles box without Metasploit.

tl;dr

• Nibbleblog v4.0.3 Code Execution
• CVE-2015-6967

tl;dr

• Unintended Solution: Cookie Path Restriction bypass using pop-up windows + JS Sandbox Escape
• Intended Solution: Service Workers + JS Sandbox Escape

tl;dr

• Payload: {"widgetName":"constructor","widgetData":"{\"prototype\":{\"srcdoc\":\"<script src='/admin/debug/add_widget?panelid=star7rix&widgetname=test123&widgetdata=%27%29%2C%28%27star7rix%27%2C+%28select+flag+from+flag%29%2C+%27%7B%22type%22%3A%22test123%22%7D%27%29+--'></script>\"}}"}

How to crack Shocker box without Metasploit.

tl;dr

• ShellShocker exploit
• Apache mod_cgi

tl;dr

In this post, we are going to share our research into PKES systems and the possibility of Relay attacks on such systems.

tl;dr

• Decrypt the bitlocker encrypted drive
• extracting the flag from deleted PDF

tl;dr

• Abusing a stack overflow on a RISC-V binary to then return to shellcode.

tl;dr

• Buffer overflow in AArch64
• Bypass pointer authentication to leak libc and get shell