all InfoSec news
Hack The Box - Vessel [Hard] - Walkthrough
DEV Community dev.to
Overview
Since it becomes very time consuming doing this in a video this write-up is going to be in a text.
The machine is labeled hard with a good reason, most of the tasks are time consuming but there are some interesting vulnerabilities like CVE-2022-0811 and CVE-2022-24637.
On top of these we have NoSQL Injection and some PE reverse engineering.
Write-up
Flag 1
First I began enumerating the whole website with ffuf.
$ ffuf -w ~/Tools/SecLists/Discovery/Web-Content/common.txt -u "http://vessel.htb/FUZZ" -fs …
box consuming cve doing engineering flag hack hacking hack the box hackthebox hard injection machine nosql pentest python reverse reverse engineering text video vulnerabilities walkthrough website write-up