Author: libertycityhacker

Introduction I need to work on my web penetration testing and Linux privilege escalation every now and then or I forget my essential skills. (I simply prefer Windows exercises more.) Luckily, today’s machine wasn’t too difficult, and it had some XSS client-side attacks I just practiced while getting a foothold on Headless. Enumeration / Initial…

HackTheBox Writeup – Headless (Linux) – Easy Difficulty Introduction Another easy box to get started for my day. It’s been a long time since I’ve done an active machine that wasn’t a little bit harder than I needed it to be. A little client side XSS, a little command injection – like a light jog…

Introduction Today’s exercise is a marginally simple JavaScript web exercise. It’s one of the exercises that can be more difficult if you read into it too much. Simply leveraging back end commands found online can take you a long way. Exercise Visiting the website, we can see it’s a simple JavaScript calculator. Eval is a…

HackTheBox Challenge Writeup – NoThreshold (Web) – Medium Difficulty Introduction I needed to get more web practice, so a medium difficulty challenge seemed good after running through a couple of the easier ones. Ironically, I found this one to be simpler than the easy ones. Simpler… but not necessarily easier, particularly the last part regarding…

HackTheBox Writeup – Jerry (Windows) – Easy Difficulty Introduction I wanted to do an easy box to warm up. In my opinion though, this box was TOO easy. I don’t like the boxes where you only need to exploit one thing. On the simpler boxes, this becomes too simple, and on the harder boxes, they…