Hackthebox - Worker

Summary

Worker, a Windows box created by HackTheBox user ekenas, was a Medium box focused on version control and build pipelines. The initial foothold was finding an SVN repository, cloning it, and checking out versions for subdomains and a credential. Logging in to the devops subdomain with that credential, we see the user has access to the repositories. Committing to them, we see that when we merge to master the code gets deployed to other subdomains (I used the alpha subdomain); using that, we can get a shell. Enumerating for a user, we find another drive mounted as W:. Checking in there, we get a credential for the robisl user, which we can use to WinRM in and get user.txt. Checking that credential back on devops, we see we can log in. Fiddling around, I saw I can create pipelines, so I used that to create a pipeline to get me a reverse shell as System.

Hackthebox - Compromised

Summary

Compromised is a hard Linux box created by D4nch3n. The initial foothold was finding the backup and finding credentials for litecart, with which we can upload arbitrary files. Using that, we can upload a MySQL PHP client to run queries and check the MySQL UDF functions. Checking passwd, we found the mysql user has a bash shell. Using exec_cmd, we can write our SSH key to authorized_keys and SSH onto the box as mysql. Enumerating the box, we find a pam_unix.so; reverse engineering that, we get a password with which we can su to root.

Hackthebox - Omni

Summary

Omni, a Windows IoT box created by HackTheBox user egre55, was an overall easy difficulty box. The initial foothold was about finding the SirepRAT issue on Windows IoT machines and using that to get a shell on the box. Enumerating the box, we find a bat file in C:\Program Files\WindowsPowerShell\Modules\PackageManagement; using port 8080, we can get a reverse shell as the app user and then as Administrator.

Test Driven Development (URL Shortener App)

I had never done Test Driven Development and had only read about it. I thought it's about time to learn and try this, so I created an empty GitHub repo, node-testing, and initialized that as an empty node project commit.

Hackthebox - OpenKeys

Summary

OpenKeys is a medium OpenBSD box created by polarbearer & GibParadox. The initial foothold was bypassing authentication by using a CVE, which gets us the user private key. Privilege escalation was also related to a CVE and getting root.
