Posted on 19 Jun 2022 in security • Tagged with security, boot2root, HTB, Wordpress, CVE-2019-17671 (wordpress), CVE-2021-3560 (polkit) • 5 min read
This article is a writeup about a retired HacktheBox machine: Paper publish on February 05, 2022 by secnigma. This box is rated as an easy machine. It implies a verbose header, a vulnerable WordPress a rocket chat bot and the PolKit exploit.
Posted on 12 Jun 2022 in security • Tagged with security, boot2root, HTB, subdomain, exiftool, ImageMagick, neofetch • 4 min read
This is a writeup about a retired HacktheBox machine:
Meta publish on
January 22, 2022 by
Nauten.
This box is rated as a medium machine. It implies subdomain enumeration, a
vulnerability in exiftool, another on in ImageMagick and a too permissive
sudo command.
Posted on 11 Jun 2022 in security • Tagged with security, osint, phone number • 4 min read
While browsing on the Internet,
I founded a strange functionality forgot username?. Everyone know about the forgot password one that
often imply to input the user email address and get a link to reset ones password. So what is that
forgot username? thing?
Posted on 25 May 2022 in security • Tagged with security, boot2root, HTB, suid, snmp, pandora • 5 min read
This box is a writeup about a retired HacktheBox machine: Pandora publish on January 8, 2022 by TheCyberGeek and dmw0ng. This box is rated as an easy machine. It implies an UDP service, a localy exposed vulnerable application and an SUID binary.
Posted on 25 Apr 2022 in security • Tagged with security, boot2root, HTB, wordpress, lfi, gdbserver, screen • 2 min read
This is a writeup about a retired HacktheBox machine: Backdoor publish on November 20, 2021 by hkabubaker17. This box is rated as an easy machine. It implies a wordpress plugin, a LFI, a gdbserver and a screen process.
Posted on 28 Mar 2022 in security • Tagged with security, boot2root, HTB, jwt, core dump • 3 min read
This is a writeup about a retired HacktheBox machine: Secret publish on October 30, 2021 by z9fr. This box is rated as an easy machine. It implies a JWT token and its secret, as well as a program core dump.
Posted on 27 Feb 2022 in security • Tagged with security, boot2root, HTB, SCF file attack, print nightmare • 3 min read
This article is a writeup about a retired HacktheBox machine: Driver published on October 2, 2021 by MrR3boot. This box is rated as easy box the user part implies a "standard" password, a SCF file and Responder The root part is nudged by a few hints (box logo,printer on the foothold website) and implies the use of the CVE-2021-1675 and CVE-2021-34527 also know as PrintNightmare.
Posted on 07 Feb 2022 in security • Tagged with security, boot2root, HTB, strapi, laravel • 3 min read
This box is a writeup about a retired HacktheBox machine:
Horizontall publish on
August 28, 2021 by
wail99.
This box is rated as an easy machine. It implies a hidden subdomain, a strapi
exploit, some "tunneling" and a laravel exploit.
Posted on 21 Jan 2022 in security • Tagged with security, boot2root, HTB, SSRF, LFI • 3 min read
This is a writeup about a retired HacktheBox machine: Forge publish on September 11, 2021 by NoobHacker9999. This box is rated as a medium machine but could be qualified as an easy medium :). It implies a SSRF and an LFI as well as some Python and a PDB.
Posted on 08 Jan 2022 in security • Tagged with security, boot2root, HTB, PATH • 4 min read
This is a writeup about a retired HacktheBox machine: Previse publish on August 7, 2021 by m4lwhere. This box is rated as an easy machine. It implies a hidden page, a unsanitize variable, a funny salt and a relative PATH.