Today I’m excited to share my latest development project: HackerFlix.net! HackerFlix is a curated directory of documentaries, docuseries, movies, and tv shows about computers, hacking, technology, privacy, cyberpunk and Internet culture. Keep reading to learn about the architecture and my experience building the site.

Jason is an easy box where we’ll practice exploiting insecure deserialization in NodeJS. To make it a little more interesting, this is a blind vulnerability, meaning we’ll have to find some other way besides checking if our input is reflected back to us to verify code execution.

Glitch is a vulnerable NodeJS application with a backdoor in its API which we’ll use to establish an initial foothold. The post-exploitation portion of this box was a lot of fun! We’ll see how to exfiltrate a user’s Firefox profile and run it locally to access their saved logins. After that, escalating to root is more straightforward.