TryHackMe: Dave's Blog Writeup

Dave’s Blog is a room over at TryHackMe with a hard difficulty rating. Dave is ready to show his blog to the world, but he forgot to properly secure his super secret admin panel. After some NoSQL injection to bypass the admin login page, we’re able to send off code that is executed by a Node.js runtime hosted on the server. The final step to root involves exploiting a binary, which can be done in one of many possible ways thanks to return-oriented programming.

Analyzing noscript usage, and being tracked in the process

When designing the theme for my personal blog, I wanted to make sure that the site would work just fine with JavaScript disabled. All kinds of scripts on this site are merely to add some neat little features here and there. However, this made me wonder about the state of the modern web and its reliance on scripts in the browser. What happens if you strip them away? I checked how websites deal with browsers that don’t allow JavaScript, taking the noscript HTML element as my metric of choice. And although fewer websites broke than I initially suspected, it shows that you don’t need scripts to effectively track people.

HackTheBox: Registry Writeup

Registry is a vulnerable Linux machine hosted over at HackTheBox with a difficulty rating of 5.7 out of 10. It hosts a Docker registry that lacks proper authentication. Login credentials can be found by looking into a Docker image that can be pulled from said registry. From there, the path to root involves tricking a CMS into uploading a web shell and using a backup utility to get access to files that wouldn’t normally be accessible by anyone.