Welcome back to the final blog in de series "How to hack a box"! In this blog we’ll cover the basics of Privilege Escalation and see it in practice on the Blocky box from Hack The Box.

Welcome back to the blog series about how to hack a box! In the past few blogs we’ve gone through a few steps which gives you an idea of how you can hack a box. We went from the Introduction, to Exploration, to Gaining Access. In this blog, we’ll cover the basics of Enumeration.

The time is right. Your work is done. The last letter of your Java code has been written. You let the IDE compile the code and a new running version of your app is ready to be released. You’ve done this a thousand times, there’s nothing new on the horizon. The question of what lies beneath, what happens under the hood, has never occurred to you. Until now!

When code evolves we usually deprecate old code. Sometimes we come across deprecations without any hints with what to replace it with. Kotlin has a solution for this by allowing you to specify a replace instruction.

For example, we created have an old REST client.

Spring boot supports a non-blocking programming model with the spring-webflux module. Webflux supports a Reactive API using the Reactor library Flux and Mono API types. This model forces you to write your code in a different style than most people are used to. It generally is much harder to follow and debug.

This post shows you a short example of using Kotlin’s Coroutines instead of Reactor to write your code in a more imperative and easier to follow style. It includes examples of using Retrofit as HTTP client to access external API’s concurrently in a non-blocking way.

Apaches fluent httpclient API is a facade API to simplify the httpclients usage for standard use cases. It’s also better readable and results in cleaner code. In this post we’ll see how to use a custom SSLContext with the fluent API. We’ll use the new 5.0 version because it contains some changes compared to 4.x.

Welcome back to the blog series about how to hack a box! In this third post I’ll guide you through the second step: gaining access.

In Clojure we can get part of a vector collection using the subvec function. The function takes a vector as argument, a required begin index and optional end index. The returned value is a vector with part of the values of the original vector starting from the begin up to the end index. If we leave out the optional end index, the size of the vector is used as end index.

In the following example we use the subvec function with and without the end index:

To split a collection in Clojure we can use the split-with and split-at functions. The split-with function takes a predicate as first argument and a colletion as second argument. The function will return a vector with two items. The first item is the result of the function take-while with the given predicate. The second item in the result vector is the resul of the drop-while function with the same predicate.

We use the split-at function with a number as first argument followed by a collection to split based on a given number of items. Instead of using a predicate we can define the number of items that we want as the first item in the result vector. The first item in the result vector is the result of invoking the take function. The resulting number of items of the collection will be the second item in the result vector and is achieved by invoking the drop function.

In Clojure we can use the shuffle function with a collection argument to get a new collection where the items of the input collection are re-ordered randomly. The function delegates to the Java java.util.Collections#shuffle method.

In the following example code we use the shuffle method: