This was an awesome linux box by HackThebox. This box enabled us to play around with CVE-2021–43798 and leaking the files for grafana such as the database files. Upon recieving the file called grafana.db we run sqlite3 on our machine and enumerate the file. Upon enumeration we managed to get…

Overview: This room in TryHackMe was created by the user cmnatic. This was an easy yet amazing room to learn about and leverage an SSTI(Server Side Template Injection ) vulnerability in the PUG templating engine which is available for node.js and gain an RCE (Remote code Execution) on the server. PUG…

Welcome back everyone to this long awaited writeup on the machine called Trick. Trick is an easy rated linux box which is hosted on HackTheBox. Running an initial NMAP scan showed us 4 open ports which were 80,22,25 and 53. Enumerating port 53 further we find a vhost “prepod-payroll.trick.htb” after…