· 18 min medium Linux Inception
HTB: Inception
A layered exploitation chain through dompdf LFI, WebDAV file upload, LXC container escape via anonymous FTP reconnaissance, and apt pre-invoke hook injection through TFTP.
#htb
#linux
#squid-proxy
#webdav +2
· 14 min easy Windows Grandpa
HTB: Grandpa
A buffer overflow in IIS 6.0's WebDAV handler delivers code execution on Windows Server 2003, and token kidnapping completes the escalation to SYSTEM.
#htb
#iis
#webdav
#windows +2
· 14 min easy Windows Granny
HTB: Granny
IIS 6.0 with WebDAV enabled permits unauthenticated file upload via PUT and MOVE, bypassing extension restrictions to deploy an ASPX webshell. Token kidnapping (MS09-012) escalates NETWORK SERVICE to SYSTEM on Windows Server 2003.
#htb
#iis
#webdav
#windows +1