Skip to main content
Abraxas

Abraxas

“Just a nerd writing about tech”

Hi, I’m Abraxas, a software developer with a Bachelor’s degree in Computer Science, venturing into the exciting world of infosec.

Learn more

Recent

HTB Zipping

Zipping is a medium-difficulty Linux box hosting a PHP web application with a vulnerable file upload function. This function is susceptible to a file read exploit involving zip archives. By exploiting this flaw, I was able to obtain the application’s source code, revealing a SQL injection vulnerability. I leveraged this vulnerability to write a webshell on the system. Additionally, I discovered that the user rektsu has sudo privileges over a binary, and misconfigurations in shared library objects can be exploited to gain root privileges.

HTB Sau

Sau is an easy linux box that hosts an website on a non standard port. Exploiting an SSRF vulnerability on the site allowed for the exploitation of a command injection flaw within an internal Mailtrail application, leading to a shell as the user puma. Next, user puma has sudo privileges for systemctl, and the less pager is exploited to escalate privileges.