Hackthebox - Atom

Atom

Summary

Atom was a medium difficulty Windows machine by HTB user MrR3boot. Initial foothold was finding a file on ftp and with google-foo we find about electron builder RCE using which we get our initial shell on the box. Privilege Escalation was about find Administrator credential from PortableKanBan which uses Redis.

Read more
Instahyre - Tabnabbing
Tab Nabbing in profile page which can lead to a phishing attack on www.Instahyre.comReported: 2021-01-05 IntroductionAn issue which reside on the Inst ...
Read more
Hackthebox - Tenet

Summary

Tenet was a medium difficulty Linux box by HackTheBox user egotisticalSW.
Initial Enumeration on the box reveal a sator file and a backup file which show us an Deserialization attack vector using which we can write a file and get a reverse shell.
After getting the box we find DB Password checking that with user we get a shell as user neil. We check for sudo -l we see we can run a enableSSH.sh without password.
Checking the script we see we can grab root ssh key as the script it copying that to a tmp file(Race condition) and then deleting that.

Read more
Hackthebox - ScriptKiddie

Summary

ScriptKiddie is a Hackthebox Easy Linux machine created by Hackthebox User 0xdf. Initial Enumeration was creating a malicious apk and using that to get a shell. After getting a reverse shell as user of the box. Privilege Escalation was just running sudo msfconsole and then bash to get root.

Read more
Hackthebox - Delivery

Summary

Delivery,a Linux box created by HackTheBox user ippsec. The Box don’t contain any exploitation and was about Enumerating the box properly. The Initial Enumeration Shows that mattermost is running and we need an @delivery.htb email to register to the box. Along side that an HelpDesk is running and creating a Ticket give us an email to that ticket. We can combine both to register an User and use that to get get into Mattermost. Checking Mattermost we get multiple hints for root also credential to get user. After ssh in the box we can use the hint and find root password hash for mattermost in mysql db. and from the hint we know we can crack the password PleaseSubscribe! along with rule and get root shell.

Read more