OSS Blog

OSS has taken part in various competitions and events. We are also very active in online CTF challenges and HTB challenges. Many think these events are just hacking, but that is not the case: in most of them, the hacking is around 40% to 50% of the work, while the rest is writing reports. Here are examples of reports we have written for past events and challenges.

Table of Contents

  • HTB Write Up

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - SQL Injection.

    • Privilege Escalation - Hijack Command Execution by Path Interception

  • HTB Jarvis

    • HTB Linux machine Difficulty: Medium

    • Initial Foothold - SQL Injection through GET parameter.

    • Privilege Escalation - Exploiting SUID systemctl

  • HTB Networked

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - File upload bypass vulnerability.

    • Privilege Escalation - Unsanitized user input injection

  • HTB Swag Shop

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - RCE via an outdated version of Magento

    • Privilege Escalation - Manipulating a misconfiguration in /etc/sudoers

  • HTB Laboratory

    • HTB Windows machine Difficulty: Easy

    • Initial Foothold - Client-Side Attacks

    • Privilege Escalation - SUID

  • HTB Doctor

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - Server-Side Template Injection

    • Privilege Escalation - Command Injection

  • HTB Academy

    • HTB Linux machine Difficulty: Easy

    • Initial Foothold - RoleID

    • Privilege Escalation - Privesc mrb3n -> Root

  • Student Projects