bigb0ss

Apr 13, 2021

10 min read

[HTB] Unattended — Writeup (OSWE-Prep)

Unattended was a medium difficulty Linux box. Good learning path for:

  • Nginx off-by-slash Attack
  • SQLi (boolean-based Blind)
  • SQLi → LFI (Abusing Existing <?php include(); ?>)
  • LFI → PHP Session Poisoning → RCE
  • Socket TTY Shell
  • Linux initrd Exploit

--

--

More from bigb0ss

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security

Love podcasts or audiobooks? Learn on the go with our new app.

Try Knowable

Recommended from Medium

Ailina Hamid

{UPDATE} Bubble Shooter Pop 2017 Hack Free Resources Generator

Geraldine Waddington

{UPDATE} Monster Truck Soccer Cup 3D Hack Free Resources Generator

Raichel White

Top 9 Internet Safety Tips to Stay Safe

Amber Copland

{UPDATE} MOWIE Guess Movie Cinema Quiz Hack Free Resources Generator

Josh Buckland

Creating a secure, portable OS

MrsThreshold

in

ThresholdNetwork

Keep Legacy Stake Upgrade

Diahann Gilligan

{UPDATE} Dino Dana: Dino Exhibit Hack Free Resources Generator

Kuzivakwashe Muvezwa

GDPR Condensed

AboutHelpTermsPrivacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
bigb0ss

bigb0ss

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Knowable