HackTheBox - Onetwoseven

Summary

Onetwoseven, a Linux box created by HackTheBox user jkr, was an overall hard difficulty box. I really enjoy this box. The foothold for this Linux box craftily utilizes symbolic links and port forwarding through SFTP to gain access to the admin interface. This ultimately leads to RCE and a shell after some addon-based web exploitation. For escalating to the root user, we take advantage of the available apt sudo commands while performing a man-in-the-middle package injection via http-proxy.

HackTheBox - Chaos

Summary

Chaos, a Linux box created by HackTheBox user felamos, was an overall simple medium-difficulty box. This box revolved around credential reuse and had a little exploitation. It taught me how to use openssl to connect to a mail server and read mails without any mail client. It also taught me a little about working with LaTeX. Root on this box was pretty simple: you just had to find and extract the password from Firefox's saved passwords.

HackTheBox - Lightweight

Summary

Lightweight, a Linux box created by HackTheBox user 0xEA31, was an overall easy-medium difficulty box. It was a fun box that uses Linux capabilities set on tcpdump so we can capture packets on the loopback interface and find credentials in an LDAP session. We then find more credentials in the source code of the web application and finally privesc to root by abusing a copy of the openssl program that also has Linux capabilities set on it.

HackTheBox - Irked

Summary

Irked, a Linux box created by HackTheBox user MrAgent, was an overall easy difficulty box. This box revolved around finding an exploit for IRC and getting a low-privilege shell. Once we have a shell, a hint on the box points us toward steganography, which gives us a password that we can use to get user. Root on this box was about finding a non-standard SUID binary that executes anything in /tmp/listusers.
