Love is an easy linux box created by pwnmeow.
Initial Foothold was finding a credentials with a staging file scanner and using that to login to admin route of voting system. and uploading a php shell using which we get a shell.After getting shell running winPEAs we see we have AlwaysInstallElevated privilege. using which we get Administrator shell.
The Notebook, a linux medium difficulty box was created by Hackthebox user mostwanted002.Initial Foothold of the box was using our own key server and forging the auth (JWT) token and pointing the kid to be a remote kid and getting admin capabilities. which gave us access to an admin panel which have upload feature, using which we can get a reverse shell as www-data. Lateral movement to noah was easy it was about finding the backup of user home folder which contained the private key of user using which we can ssh to the user. After getting enumerating the box we see (ALL) NOPASSWD: /usr/bin/docker exec -it webapp-dev01* which means we can exec into a pod. enumerating more and google around escaping docker container we see we can do that using a CVE CVE-2019-5736 using which we get root on the box.
Armageddon was a easy linux machine by bertolis on HTB. Initial foothold was finding a drupal instance. and enumerating this more we find the version which has a unauthenticated RCE using which we get a shell. Privilege Escalation was exploiting sudo snap with gtfobins to get root.
Atom was a medium difficulty Windows machine by HTB user MrR3boot. Initial foothold was finding a file on ftp and with google-foo we find about electron builder RCE using which we get our initial shell on the box. Privilege Escalation was about find Administrator credential from PortableKanBan which uses Redis.