hackthebox magicgardens
by osamy7593 - Friday May 24, 2024 at 11:16 AM
#1
https://app.hackthebox.com/competitive/5/overview
let's pwn it guys

#2
“xss-morty” >> “buffer overflow-alex” >> “pickle deserialization-docker root” >> “escape container-root”

PWNED!
Thanks @paw for the rank!!
#3
(May 24, 2024, 12:12 PM)macavitysworld Wrote: “xss-morty” >> “buffer overflow-alex” >> “pickle deserialization-docker root” >> “escape container-root”

PWNED!

can you give more details

(May 24, 2024, 12:12 PM)macavitysworld Wrote: “xss-morty” >> “buffer overflow-alex” >> “pickle deserialization-docker root” >> “escape container-root”

PWNED!

what payload for xss

#4
rooted............................

#5
can someone find the workaround for the smtp service? it has been removed from the box
#6
(May 24, 2024, 12:12 PM)macavitysworld Wrote: “xss-morty” >> “buffer overflow-alex” >> “pickle deserialization-docker root” >> “escape container-root”

PWNED!

Can you give more details about this
#7
(May 29, 2024, 02:45 AM)psy00ps1337 Wrote: can someone find the workaround for the smtp service? it has been removed from the box

The box was patched; now there are no unintended ways and you should exploit the binary to pwn it.
#8
Has anyone any idea on how to proceed?? The machine is patched and I would like to complete it again.

Need nudge for foothold, don't know what to do with the web page...
#9
(Jun 05, 2024, 09:40 PM)octubrerojo Wrote: Has anyone any idea on how to proceed?? The machine is patched and I would like to complete it again.

Need nudge for foothold, don't know what to do with the web page...

SSRF to get subscription. Then XSS in QR code to steal stuff session. That is web site part.
#10
(Jun 06, 2024, 02:10 PM)j868K3792 Wrote:
(Jun 05, 2024, 09:40 PM)octubrerojo Wrote: Has anyone any idea on how to proceed?? The machine is patched and I would like to complete it again.

Need nudge for foothold, don't know what to do with the web page...

SSRF to get subscription. Then XSS in QR code to steal stuff session. That is web site part.

Yup!! But of no use.. morty doesn't have the user flag...