One click root | Runner from HackTheBox

The journey begins by using a custom word list to find a subdomain running TeamCity 2023.05.03, which is vulnerable to CVE-2023-42793. This vulnerability allows the creation of a privileged user without authentication. Next, a backup containing a private key is found, providing the first SSH access as a…

MonitorsTwo from HackTheBox

Box overview MonitorsTwo is an easy box created by kavigihan combining the exploitation of Cacti (CVE-2022-46169) as entry point then privilege escalation by exploiting the CVE-2021-41091. Initial foothold Add the IP to the hosts file Firstly, I will update the hosts file entry with the box hostname and its IP.…

DNS Shield for ads blocking and malwares

DnsShield is a powerful and user-friendly script designed to automate the updating process of blocklists for Dnsmasq. With DnsShield, you can effortlessly maintain an up-to-date and comprehensive blocklist, enhancing security and privacy by blocking access to malicious or unwanted domains.…