Hackthebox - Updown|htbmachinesretired|linux-retired-medium-gtfobins-git-leak-phar-proc_open-python2-input-easy_install

HackTheBox - Updown

Author: AB2

Read more
Hackthebox - Shoppy|htbmachinesretired|linux-retired-easy-gtfobins-docker-reverse-engineering-mattermost-broken-authentication

Summary

HackTheBox - Shoppy is a HackTheBox easy linux machine created by lockscan. Had a injection which lead to broken authentication. with more injection we where able to leak admin credentials using which we can access mattermost on that we get ssh credentials and get access to box checking sudo -l we see password manager can be ran as user deploy getting the password we can get deploy user shell password. As deploy user we are in docker group using which we can get root on the box.

Read more
Hackthebox - Health|htbmachinesretired|linux-writeup-retired-hackthebox-easy-lfi-sqli

Hackthebox - Health

Author: irogir

Read more
Hackthebox - Support|htbmachinesretired|retired-hackthebox-easy-windows-ldap-shares-silver ticket
nmap12345678910111213141516171819202122232425262728293031323334353637# Nmap 7.92 scan initiated Sun Jul 31 00:30:10 2022 as: nmap -sC -sC -vvv -oN nm ...
Read more
Hackthebox - Moderators|htbmachinesretired|linux-writeup-retired-hackthebox-hard-lfi-magic byte-vdi cracking-brandfolder

Summary

HackTheBox - Moderators is a Hard Linux machine that features a PHP web application that uses a library which is
vulnerable to file upload using which we can get a code execution by uploading a php file. Later we can find a Dev Version of the same application which is a wordpress application and had brandfolder plugin which was vulnerable to an LFI. using which we can upload a custom wp_load.php and execute to get user lexi. Updating wp admin credential we can get john user. From there it was all about mounting an encrypted vdi and getting root credential.

Read more