Tag: valentine

25 may 2018 · Pablo Plaza Martínez · writeups
WriteUp - Valentine (HackTheBox)
Valentine write-up (HackTheBox): classic Linux machine that exploits Heartbleed (CVE-2014-0160) to extract Apache's RSA private key, then uses the key to connect via SSH and escalate to root with a vulnerable binary.
18 may 2018 · Manuel López Pérez · writeups
WriteUp - Canape (HackTheBox)
Canape write-up (HackTheBox). Intermediate Linux machine that exploits an insecure pickle deserialisation in Flask + CouchDB. Includes RCE via pickle payload, CouchDB enumeration, and escalation to root by abusing sudo pip install.