[HTB] Unattended — Writeup (OSWE-Prep)

Unattended was a medium difficulty Linux box. Good learning path for:

  • Nginx off-by-slash Attack
  • SQLi (boolean-based Blind)
  • SQLi → LFI (Abusing Existing <?php include(); ?>)
  • LFI → PHP Session Poisoning → RCE
  • Socket TTY Shell
  • Linux initrd Exploit

--

--

--

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

[ExpDev] Custom Go Crypter

{UPDATE} WordPile Hack Free Resources Generator

Coinplug launches the Blacklist Sharing Platform

HOW CAN I UPGRADE MY INTERNET SPEED WITHOUT SPENDING MONEY

Cream Finance Insufficient Validation Bugfix Review

Free educational Resources for Cybersecurity

{UPDATE} 水平思考 ウミガメのスープ Hack Free Resources Generator

What more you can do with vulnerability data?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
bigb0ss

bigb0ss

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security

More from Medium

Road to OSCP 11: Blocky HackTheBox

TryHackMe: Linux Strength Training Walkthrough

HackTheBox — Shibboleth Writeup

Admin has the power cybertalents challenge solving writeup