Ophiuchi - HackTheBox Writeup (10.10.10.227)
Medium-difficulty Linux box on exploiting insecure deserialisation vulnerability in a SnakeYAML applet. Privilege escalation by reverse-engineering and forging a deploy-ready WebAssembly binary to exploit a command injection vulnerability in the deploy script.
Tenet - HackTheBox Writeup (10.10.10.223)
Medium-difficulty Linux box about exploiting insecure deserialisation vulnerabilities in a PHP data migration program under development. Privilege escalation by exploiting a race condition between Bash variable references in an SSH backup script.
Feline - HackTheBox Writeup (10.10.10.205)
Hard-difficulty Linux box on exploiting Apache Tomcat CVE-2020-9484 and abusing docker.sock exposure.