Recent
CVE 2024-37397 - Ivanti Endpoint Manager XXE Vulnerability
·2762 words·13 mins
This blog provides an in-depth analysis of the exploitation process for an unauthenticated XXE vulnerability in Ivanti Endpoint Manager, identified as CVE-2024-37397.
CVE 2024-4040 - CrushFTP Server-Side Template Injection Vulnerability Analysis
·4802 words·23 mins
This blog post contains a thorough analysis of Server Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP.
Exploit Dev: EggHunting Explained
·1650 words·8 mins
EggHunting, if simply put, is a technique in exploit development which is used to search for a specific keyword in an application memory space to further aid in the exploit if there is a length restriction.
HackTheBox - Only4You
·2453 words·12 mins
Writeup for HackTheBox’s Only4You machine.
only4you.htb seemed like a static site with the contact functionality where we had some input fields, directory busting did not reveal anything interestin:
HackTheBox - Mailroom
·4342 words·21 mins
Writeup for HackTheBox’s Mailroom machine.
Starting off with the nmap scan, we can see that port 80 and 22 is open: