Challenge SSTIC 2023 - stage 0 & 1

Posted on 25 May 2023 in security • Tagged with security, CVE-2022-44268, ImageMagick, SSTIC • 7 min read

A dog

As it does each year, the French security conference SSTIC released a security challenge prior to the conference.

This year the challenge seemed "easier" than the previous year, as stage 1 got 135 validations versus 86 validations in 2022.

This article details my solution for step 0 and step 1.

HTB: Meta

Posted on 12 Jun 2022 in security • Tagged with security, boot2root, HTB, subdomain, exiftool, ImageMagick, neofetch • 4 min read

Meta card

This is a writeup about a retired HackTheBox machine: Meta, published on January 22, 2022 by Nauten. This box is rated as a medium machine. It involves subdomain enumeration, a vulnerability in exiftool, another one in ImageMagick and an overly permissive sudo command.

