Hackthebox - Unobtainium

Summary

Unobtainium is a Hackthebox hard linux machine created by felamos.

Read more
Hackthebox - Knife

HackTheBox - Knife

Summary

Knife was a easy linux hackthebox machine by author MrKN16H. Initial Foothold was using the recent php git server where someone committed a backdoor and tried to publish the backdoor-ed php. Using which we get a shell. and later we see an suid python script using which we get Root.

Read more
Hackthebox - Love

Summary

Love is an easy linux box created by pwnmeow.
Initial Foothold was finding a credentials with a staging file scanner and using that to login to admin route of voting system. and uploading a php shell using which we get a shell.After getting shell running winPEAs we see we have AlwaysInstallElevated privilege. using which we get Administrator shell.

Read more
Hackthebox - TheNoteBook

The Notebook

Summary

The Notebook, a linux medium difficulty box was created by Hackthebox user mostwanted002.Initial Foothold of the box was using our own key server and forging the auth (JWT) token and pointing the kid to be a remote kid and getting admin capabilities. which gave us access to an admin panel which have upload feature, using which we can get a reverse shell as www-data. Lateral movement to noah was easy it was about finding the backup of user home folder which contained the private key of user using which we can ssh to the user. After getting enumerating the box we see (ALL) NOPASSWD: /usr/bin/docker exec -it webapp-dev01* which means we can exec into a pod. enumerating more and google around escaping docker container we see we can do that using a CVE CVE-2019-5736 using which we get root on the box.

Read more
Hackthebox - Armageddon

Summary

Armageddon was a easy linux machine by bertolis on HTB. Initial foothold was finding a drupal instance. and enumerating this more we find the version which has a unauthenticated RCE using which we get a shell. Privilege Escalation was exploiting sudo snap with gtfobins to get root.

Read more