D4mianWayne

This blog post contains a thorough analysis of Server Side Template Injection vulnerability in a commercial Managed File Transfer product named CrushFTP.

EggHunting, if simply put, is a technique in exploit development which is used to search for a specific keyword in an application memory space to further aid in the exploit if there is a length restriction.

Writeup for HackTheBox’s Only4You machine. only4you.htb seemed like a static site with the contact functionality where we had some input fields, directory busting did not reveal anything interestin:

Writeup for HackTheBox’s Mailroom machine. Starting off with the nmap scan, we can see that port 80 and 22 is open:

Writeup for HackTheBox Busqueda Machine Starting off with the nmap scan, we see that it has HTTP and SSH, as expected.