[HTB] JSON — Write-up (OSWE-Prep)

Json was a medium-difficulty Windows box. It is a good learning path for:

  • JSON-based deserialization (Bearer: header)
  • JuicyPotato Exploit (SeImpersonatePrivilege)

Initial Recon

Nmap

# nmap -Pn --open -sC -sV -p- -T4 10.10.10.158
PORT     STATE  SERVICE      VERSION
21/tcp


OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security

bigb0ss
