Hack The Box - Vessel [Hard] - Walkthrough

Since it becomes very time consuming doing this in a video this write-up is going to be in a text.

The machine is labeled hard with a good reason, most of the tasks are time consuming but there are some interesting vulnerabilities like CVE-2022-0811 and CVE-2022-24637.

On top of these we have NoSQL Injection and some PE reverse engineering.

Flag 1

First I began enumerating the whole website with ffuf.

$ ffuf -w ~/Tools/SecLists/Discovery/Web-Content/common.txt -u "http://vessel.htb/FUZZ" -fs …

box consuming cve doing engineering flag hack hacking hack the box hackthebox hard injection machine nosql pentest python reverse reverse engineering text video vulnerabilities walkthrough website write-up