Registry,a Linux box created by HackTheBox user thek, was an overall medium to hard difficulty box.The inital enumeration expose a docker registry from where you can download an image which contain a ssh key for the user.SSH into the box we find nginx config which point us to bolt db. Cracking the password in bolt db we get access to bolt webserver and we can upload a ph0ny shell and get www-data user which have access to run restic backup as root. using that we can get root.
Heist,a Linux box created by HackTheBox user MinatoTW, was an overall easy to medium difficulty box.Leaking cisco password hash with that we can brute SIDs to get more Users and crack other password. At last we need to dump the process to get the password for administrator
Networked,a Linux box created by HackTheBox user guly, was an overall easy difficulty box. It had a backup.zip which was exposed and contain the code of upload code with which we were able bypass the upload and get the RCE and get shell as www-data. enumerating we see a cronjob using which we can get the user and later enumerating that user we find user can run changename.sh without password using which we can get root.
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a runAs specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.
This can be used by a user with sufficient sudo privileges to run commands as root even if the runAs specification explicitly disallows root access as long as the ALL keyword is listed first in the runAs specification.
Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
Ellignson,a Linux box created by HackTheBox user Ic3M4n, was an overall medium to hard difficulty box.The Initial foothold was getting werzeug debugger and get a low privilege user then get the user by cracking the password for the user from shadow.bak. Root on this box a binary exploitation to get a shell as root, which was hard for me but was really fun.