#Insecure_Deserialisation

Ophiuchi - HackTheBox Writeup (10.10.10.227)

Medium-difficulty Linux box on exploiting insecure deserialisation vulnerability in a SnakeYAML applet. Privilege escalation by reverse-engineering and forging a deploy-ready WebAssembly binary to exploit a command injection vulnerability in the deploy script.

Posted on Sat, Jul 17, 2021 Medium Linux Web Application Insecure Deserialisation WebAssembly

Tenet - HackTheBox Writeup (10.10.10.223)

Medium-difficulty Linux box about exploiting insecure deserialisation vulnerabilities in a PHP data migration program under development. Privilege escalation by exploiting a race condition between Bash variable references in an SSH backup script.

Posted on Tue, Jun 22, 2021 Medium Linux Insecure Deserialisation WordPress Race Condition

Feline - HackTheBox Writeup (10.10.10.205)

Hard-difficulty Linux box on exploiting Apache Tomcat CVE-2020-9484 and abusing docker.sock exposure.

Posted on Tue, Mar 2, 2021 Hard Linux Insecure Deserialisation SaltStack Salt Docker