We’re back again! (Back once again like the renegade master)
Took a slight break but we back again and for the remainder of the year I will look at the Hackthebox CREST CRT Track!
This is what I will be working towards come the new year and on into 2025.
As shown below – I’ll be starting off with the BountyHunter box.
The BountHunter box was frustrating at times as the XXE exploit that was supposed to work did not during my time with the box.
base64 encoding the XXE exploit and then URL encoding was a pain as this worked perfeclty when endcoding the /etc/passwd file for the POC.
But I did learn about the conditions that are required to trigger an XXE and finally finished the box with a little help from le guido!
Until next time Zàijiàn!