Traverxec, a Linux box created by HackTheBox user jkr, was an overall easy difficulty box. The initial enumeration exposes that the web server is vulnerable to a directory traversal to RCE attack, which we can use to get a reverse shell as www-data. Later we enumerate and find a public_www folder which contains the user david's SSH key, which we can use to get user. Privilege escalation on this box was very simple with GTFOBins.
Wall, a Linux box created by HackTheBox user askar, was an overall medium difficulty box. The initial foothold was finding the credentials for the centreon server and then seeing that the version is vulnerable to an RCE; using that, we get the reverse shell and user. Privilege escalation was super simple: after enumerating, we find that screen is SUID and that there is a SearchSploit entry for that version. Using that we get the root shell.
JSON, a Windows box created by HackTheBox user Cyb3rb0b, was an overall easy difficulty box. The initial foothold was about finding the JSON deserialization issue in ASP.NET, getting an RCE with it, and using that to get user. Privilege escalation was much easier: we check whether the box is vulnerable to Juicy/Rotten Potato, find that it is, and use that to get root.
Registry, a Linux box created by HackTheBox user thek, was an overall medium to hard difficulty box. The initial enumeration exposes a Docker registry from which you can download an image that contains an SSH key for the user. After SSHing into the box we find an nginx config which points us to a bolt db. Cracking the password in the bolt db gives us access to the bolt web server, where we can upload a ph0ny shell and get the www-data user, which has access to run restic backup as root. Using that we can get root.