Knife was a easy linux hackthebox machine by author MrKN16H. Initial Foothold was using the recent php git server where someone committed a backdoor and tried to publish the backdoor-ed php. Using which we get a shell. and later we see an suid python script using which we get Root.
Love is an easy linux box created by pwnmeow.
Initial Foothold was finding a credentials with a staging file scanner and using that to login to admin route of voting system. and uploading a php shell using which we get a shell.After getting shell running
winPEAs we see we have
AlwaysInstallElevated privilege. using which we get
The Notebook, a linux medium difficulty box was created by Hackthebox user mostwanted002.Initial Foothold of the box was using our own key server and forging the auth (JWT) token and pointing the kid to be a remote kid and getting admin capabilities. which gave us access to an admin panel which have upload feature, using which we can get a reverse shell as
www-data. Lateral movement to
noah was easy it was about finding the backup of user home folder which contained the private key of user using which we can ssh to the user. After getting enumerating the box we see
(ALL) NOPASSWD: /usr/bin/docker exec -it webapp-dev01* which means we can exec into a pod. enumerating more and google around escaping docker container we see we can do that using a CVE
CVE-2019-5736 using which we get root on the box.
Armageddon was a easy linux machine by bertolis on HTB. Initial foothold was finding a drupal instance. and enumerating this more we find the version which has a unauthenticated RCE using which we get a shell. Privilege Escalation was exploiting
sudo snap with
gtfobins to get root.