https://hussienmisbah.github.io/tags/rce/ Recent content in Rce on 0xMesbaha Hugo en Wed, 28 May 2025 12:49:18 +0200 https://hussienmisbah.github.io/posts/code-review/2025-05-29-jdbcleak-egcert-finals/ Wed, 28 May 2025 12:49:18 +0200 https://hussienmisbah.github.io/posts/code-review/2025-05-29-jdbcleak-egcert-finals/ <p><em>JDBCLeak Leak was a challenge introducted in EGCERT CTF Finals 2025 under the category R&amp;D , tbh i didn&rsquo;t even look at the challenge during CTF Time , didn&rsquo;t expect this category to introduce such good example of a real case code review challenge , however after reading the author&rsquo;s blog <a href="https://bitthebyte.medium.com/here-is-what-you-missed-during-the-egcert-ctf-2025-finals-927297143d9a" target="_blank" rel="noopener noreffer ">here</a> about the category and challenge i thought of trying it myself and create a POC for it to get rce reading /flag.txt , we got 3rd place btw :&ldquo;D</em></p> https://hussienmisbah.github.io/posts/linux-machines/2022-03-11-devzat/ Fri, 11 Mar 2022 00:45:12 +0900 https://hussienmisbah.github.io/posts/linux-machines/2022-03-11-devzat/ <p>In this Hackthebox we will get a user access through a command injection in a vhost , then will make port forwarding to find a service that will give us the password for another user who have access to some backups, in this backups we can find the source-code for a bot , the bot has 2 versions one of them is running locally and it has a command &ldquo;file&rdquo; which allows us to read any file on the sytsem we will make port forwarding one more time to read the root private key and login as root</p> https://hussienmisbah.github.io/posts/linux-machines/2022-01-27-previse/ Thu, 27 Jan 2022 00:45:08 +0200 https://hussienmisbah.github.io/posts/linux-machines/2022-01-27-previse/ <p>In this Writeup you will find walkthrough of the retired machine previse From Hackthebox</p>