HTB: Forge

Posted on 21 Jan 2022 in security • Tagged with security, boot2root, HTB, SSRF, LFI • 3 min read

Forge Card

This is a writeup about a retired HacktheBox machine: Forge publish on September 11, 2021 by NoobHacker9999. This box is rated as a medium machine but could be qualified as an easy medium :). It implies a SSRF and an LFI as well as some Python and a PDB.


Continue reading

HTB: Previse

Posted on 08 Jan 2022 in security • Tagged with security, boot2root, HTB, PATH • 4 min read

Previse

This is a writeup about a retired HacktheBox machine: Previse publish on August 7, 2021 by m4lwhere. This box is rated as an easy machine. It implies a hidden page, a unsanitize variable, a funny salt and a relative PATH.


Continue reading

HTB: BountyHunter

Posted on 28 Dec 2021 in security • Tagged with security, boot2root, HTB, XXE, php filter, python • 4 min read

BountyHunterCard

This is a writeup about a retired HacktheBox machine: BountyHunter publish on July 25, 2021 by ejedev. This box is rated as an easy machine. It implies an XXE and some python.


Continue reading

HTB: Exlore

Posted on 01 Nov 2021 in security • Tagged with security, boot2root, HTB, Android, exploit, adb • 3 min read

Explore card

This is a writeup about a retired HacktheBox machine: Explorer created by bertolis and publish on June 26, 2021. This box is classified as an easy machine. The user part involves an Android exploit for ES File Explorer and the root part a simple port forward and an adb shell.


Continue reading

HTB: Cap

Posted on 23 Oct 2021 in security • Tagged with security, boot2root, HTB, capabilities • 2 min read

cap Card

This article is a writeup about a retired HacktheBox machine: Cap published on June 5, 2021 by InfoSecJack. This box is rated as easy box the user part implies to know a bit about array indexes and wireshark. The root part is quit easy and implies a binary capabilities.


Continue reading

BAYC: Mutant Ape game

Posted on 26 Sep 2021 in security • Tagged with security, reverse, javascript, cryptocurrency, NFT • 2 min read

The BAYC, mutant ape game

A different kind of article about a game organized by the Bored Ape Yach Club a few weeks ago. The deal was to complete five levels of a difficult game to get a Proof of attendance token.

As a few weeks have pass since the end of the game I will share a few tips to win every time as the game is written in JavaScript.

The game is located at https://2dengine.com/mutantarcade/

Note: it seems that you are directly in the last level (5/5) using the link above. You can find an archive with the JS files here.


Continue reading

HTB: Knife

Posted on 29 Aug 2021 in security • Tagged with security, boot2root, HTB, linux, php, chef • 3 min read

Knife card

This is a writeup about a retired HacktheBox machine: Knife published on May 22 2021 by MrKN16H This box is classified as an easy machine. This box implies a PHP dev backdoor and a misconfigured sudo permission for knife a chef utility.


Continue reading

HTB: Love

Posted on 09 Aug 2021 in security • Tagged with security, boot2root, HTB, windows, php, AlwaysInstallElevated • 4 min read

Love card

This is a writeup about a retired HacktheBox machine: Love published on May 1 2021 by pwnmeow This box is classified as an easy machine. This box implies a SSRF, some php file and an AlwaysInstallElevated privilege on a Windows box.


Continue reading

HTB: The Notebook

Posted on 01 Aug 2021 in security • Tagged with security, boot2root, HTB, JWT, docker, CVE-2019-5736, CVE • 4 min read

The Notebook Card

This is a writeup about a retired HacktheBox machine: TheNotebook publish on Mars 6, 2021 by mostwanted002. This box is rated as a medium machine. It implies a JWT token, some PHP files and a docker exploit.


Continue reading

HTB: Armageddon

Posted on 26 Jul 2021 in security • Tagged with security, boot2root, HTB, linux, Drupalgeddon • 4 min read

armageddon Card

This is a writeup about a retired HacktheBox machine: Armageddon publish on Mars 27, 2021 by Bertolis. This box is rated as an easy machine. It implies the drupalgeddon vulnerability and some permissive sudo permissions.


Continue reading