Offensive Security Society
@ California State University, Fullerton
OSS has taken part in various competitions and is very active in online CTFs and HTB challenges. Although many think it is just hacking, that is not the case. In most of these events, the hacking is around 40% to 50% of the work, while the rest of it is writing reports. Here are a few examples of previous reports that OSS members have done in the past.
Unfortunately, it seems that the links to the following writeups are currently down. Please be patient as we restore them.
Update: We now have student writeups for "Laboratory", "Doctor", and "Academy"
Table of Contents
-
-
HTB Linux machine Difficulty: Easy
-
Initial Foothold - SQL Injection.
-
Privilege Escalation - Hijack Command Execution by Path Interception
-
-
-
HTB Linux machine Difficulty: Medium
-
Initial Foothold - SQL Injection through GET parameter.
-
Privilege Escalation - Exploiting SUID systemctl
-
-
-
HTB Linux machine Difficulty: Easy
-
Initial Foothold - File upload bypass vulnerability.
-
Privilege Escalation - Unsanitized user input injection
-
-
-
HTB Linux machine Difficulty: Easy
-
Initial Foothold - RCE via an outdated version of Magento
-
Privilege Escalation - Manipulating a misconfiguration in /etc/sudoers
-
-
-
HTB Windows machine Difficulty: Easy
-
Initial Foothold - Client-Side Attacks
-
Privilege Escalation -SUID
-
-
-
HTB Linux machine Difficulty: Easy
-
Initial Foothold - Server-Side Template Injection
-
Privilege Escalation - Command Injection
-
-
HTB Academy or this secondary HTB Academy writeup
-
HTB Linux machine Difficulty: Easy
-
Initial Foothold - RoleID
-
Privilege Escalation - Privesc mrb3n → Root
-