Hackthebox - Wall

Summary

Wall,a Linux box created by HackTheBox user askar, was an overall medium difficulty box.The initial foothold was finding the cred for centreon server and the seeing the version is vulnerable and have a RCE using that, we get the reverse shell and user. Privilege Escalation was super simple after enumerating we find screen is a SUID and have a exploit on SearchSploit for that version. Using that we get the root shell.

Read more
Hackthebox - JSON

Summary

JSON,a Windows box created by HackTheBox user Cyb3rb0b, was an overall easy difficulty box. The initial foothold was about finding the json de-serialization issue in ASP .net and getting an RCE with that and using that to get the user. Privilege Escalation was much more easier checking if the box was vurnable to juciy/rotten potato and we find it is and using that to get Root.

Read more
HackTheBox - Registry

Summary

Registry,a Linux box created by HackTheBox user thek, was an overall medium to hard difficulty box.The inital enumeration expose a docker registry from where you can download an image which contain a ssh key for the user.SSH into the box we find nginx config which point us to bolt db. Cracking the password in bolt db we get access to bolt webserver and we can upload a ph0ny shell and get www-data user which have access to run restic backup as root. using that we can get root.

Read more
HacktheBox - Heist

Summary

Heist,a Linux box created by HackTheBox user MinatoTW, was an overall easy to medium difficulty box.Leaking cisco password hash with that we can brute SIDs to get more Users and crack other password. At last we need to dump the process to get the password for administrator

Read more
HackTheBox - Networked

Summary

Networked,a Linux box created by HackTheBox user guly, was an overall easy difficulty box. It had a backup.zip which was exposed and contain the code of upload code with which we were able bypass the upload and get the RCE and get shell as www-data. enumerating we see a cronjob using which we can get the user and later enumerating that user we find user can run changename.sh without password using which we can get root.

Read more