hg8's Notes — My notes about infosec world. Pentest/Bug Bounty/CTF Writeups.https://hg8.sh/icon.png2025-12-28T17:19:16.219Zhttps://hg8.sh/hg8HexoHackTheBox - White Rabbithttps://hg8.sh/posts/whiterabbit/2025-12-12T23:00:00.000Z2025-12-28T17:19:16.219Z<img width="578" alt="whiterabbit-hackthebox" src="/images/whiterabbit/WhiteRabbit.png">
<p>White Rabbit just retired on HackTheBox. ThisHackTheBox - Eurekahttps://hg8.sh/posts/eureka/2025-08-29T22:00:00.000Z2025-10-05T09:44:51.251Z<img width="578" alt="eureka-hackthebox-infocard" src="/images/eureka/Eureka.png">
<p>Eureka just retired on HackTheBox, and it was aHackTheBox - Cypherhttps://hg8.sh/posts/cypher/2025-07-25T22:00:00.000Z2025-10-05T09:42:53.420Z<img width="578" alt="cypher-hackthebox" src="/images/cypher/Cypher.png">
<p>Cypher just retired! It was a Medium difficulty Linux machineHackTheBox - Cathttps://hg8.sh/posts/cat/2025-07-04T22:00:00.000Z2025-07-07T08:41:03.076Z<img width="578" alt="cat-hackthebox" src="/images/cat/Cat.png">
<p>‘Cat’ box from HackTheBox has just been retired, and it was a solidPwnable.kr - flaghttps://hg8.sh/posts/pwnable/flag/2023-11-11T23:00:00.000Z2025-06-06T10:25:05.373Z<p><img src="https://github-production-user-asset-6210df.s3.amazonaws.com/9076747/282297542-4a536c54-7ff6-45ee-a8da-72bed96925a2.png"Pwnable.kr - bofhttps://hg8.sh/posts/pwnable/bof/2023-11-04T23:00:00.000Z2025-06-06T11:11:50.506Z<p><img src="https://github-production-user-asset-6210df.s3.amazonaws.com/9076747/280545217-a30f8c4a-c968-4793-a4db-722904a7adbe.png"Buffer Overflow: Code Execution By Shellcode Injectionhttps://hg8.sh/posts/binary-exploitation/buffer-overflow-code-execution-by-shellcode-injection/2023-10-27T22:00:00.000Z2025-06-06T10:25:05.380Z<p><img src="https://github.com/hg8/hg8.github.io/assets/9076747/5be7a79d-5052-4ec5-b14f-b34221c5852e" alt="buffer overflow part 3Buffer Overflow: Reversing Assemblyhttps://hg8.sh/posts/binary-exploitation/buffer-overflow-reversing-assembly/2023-09-11T22:00:00.000Z2025-06-06T10:25:05.380Z<p><img src="https://github.com/hg8/hg8.github.io/assets/9076747/ee65be39-04a5-49e2-b21a-b934ef44f696" alt="buffer overflowBuffer Overflow: Introductionhttps://hg8.sh/posts/binary-exploitation/buffer-overflow-introduction/2022-11-21T23:00:00.000Z2025-06-06T10:25:05.380Z<p><img src="https://github.com/hg8/hg8.github.io/assets/9076747/4eec46e9-8a8c-451e-8653-ada526ee7029" alt="buffer overflowHackTheBox - Talkativehttps://hg8.sh/posts/talkative/2022-08-26T22:00:00.000Z2025-06-06T10:25:05.382Z<p><img src="https://user-images.githubusercontent.com/9076747/164916795-5c33ab53-424b-4846-9bff-7b4c19ca529d.png"Bug Bounty Story: Escalating SSRF to RCE on AWShttps://hg8.sh/posts/bugbounty/ssrf-to-rce-aws/2022-07-03T22:00:00.000Z2025-06-06T10:25:05.384Z<p>Hey everyone, not a CTF write-up today but my first Bug Bounty Bounty story: SSRF escalation to RCE on AWS.</p>
<p>The vulnerability wasHackTheBox - AdmirerToohttps://hg8.sh/posts/admirertoo/2022-05-27T22:00:00.000Z2025-06-06T10:25:05.376Z<img alt="admiretoo-hackthebox" src="https://user-images.githubusercontent.com/9076747/166099416-e02b4a36-942c-4177-9532-89b1781b0e85.png"HackTheBox - Fingerprinthttps://hg8.sh/posts/fingerprint/2022-05-13T22:00:00.000Z2025-06-06T10:25:05.387Z<img width="578" alt="figerprint-hackthebox"Misc CTF - Request Smugglinghttps://hg8.sh/posts/misc-ctf/request-smuggling/2022-01-14T23:00:00.000Z2025-06-06T10:25:05.378Z<p>During a CTF I recently came across a very cool challenge on Request Smuggling. I have been wanting to try my theoretical knowledge ofHackTheBox - Travelhttps://hg8.sh/posts/travels/2022-01-01T23:00:00.000Z2025-06-06T10:25:05.386Z<img width="580" alt="travel-hackthebox"Misc CTF - GraphQL Injectionhttps://hg8.sh/posts/misc-ctf/graphql-injection/2021-11-25T23:00:00.000Z2025-06-06T10:25:05.377Z<p>GraphQL is becoming more and more common nowadays and this challenge was the perfect way to digg into the subject and understand theMisc CTF - XXE to SSRFhttps://hg8.sh/posts/misc-ctf/xxe-to-ssrf/2021-10-28T22:00:00.000Z2025-06-06T10:25:05.377Z<p>This fun little challenge highlight two issue at once: XML External Entity (XXE) and Server-side request forgery (SSRF) and show howMisc CTF - PRNG Weaknesshttps://hg8.sh/posts/misc-ctf/PRNG%20Weakness/2021-09-15T22:00:00.000Z2025-06-06T10:25:05.377Z<p>This challenge aims to highlight the weaknesses of PRNG (Pseudorandom Number Generator) algorithms.</p>
<p><strong>Tl;Dr:</strong> TheMisc CTF - XSS to CSRFhttps://hg8.sh/posts/misc-ctf/xss-to-csrf/2021-07-31T22:00:00.000Z2025-06-06T10:25:05.377Z<p>This challenge highlight two issue at once: the very common Cross Site Scripting (XSS), Cross-site request forgery (CSRF) and how bothMisc CTF - Insecure Deserializationhttps://hg8.sh/posts/misc-ctf/insecure-deserialization/2021-04-30T22:00:00.000Z2025-06-06T10:25:05.377Z<p>This challenge highlight an important and too common vulnerability: Insecure Deserialization.</p>
<p>Let’s solve this challenge to