Posted on 04 Apr 2020 in security • Tagged with security, boot2root, linux, HTB, docker, bolt CMS, restic, SUID • 13 min read
This is a writeup about a retired HacktheBox machine:
Registry.
This box is rated as a hard box. It was release on October 19 by
thek. It implies a few
rabbit holes, the Docker registry API, the Bolt CMS, and the SUID binary restic.
Posted on 21 Mar 2020 in security • Tagged with security, boot2root, HTB, windows, winrm, PTH, bloodhound, impacket • 12 min read
This is a writeup about a retired HacktheBox machine: Forest published by egre55 and mrb3n on October the 12th 2019. This box is a Windows machine classified as easy. The server is a Domain Controller with 24 open ports. We will use Winrm, bloodhound and impacket to get both the user flag and the "root" flag.
Posted on 15 Mar 2020 in security • Tagged with security, boot2root, HTB, redis, webmin, linux • 6 min read
This is a writeup about a retired HacktheBox machine:
Postman publish on
Novemer the second 2019 by
TheCyberGeek.
This box is rated as easy box. It implies a redis server, a id_rsa.bak, john
the ripper and webmin 1.910.
Posted on 08 Feb 2020 in security • Tagged with security, devops, vault • 4 min read
"Secure, store and tightly control access to tokens, passwords, certificates, encryption keys for protecting secrets and other sensitive data using a UI, CLI, or HTTP API."
Posted on 11 Jan 2020 in security • Tagged with security, boot2root, HTB, gitlab, x64dbg, postgresql, linux • 5 min read
This is a writeup about a retired HacktheBox machine: Bitlab. This box is rated as a medium box. It implies a gitlab, a user, some enumeration, a PostgreSQL database, some pain with a b64 password and some basic reverse engineering on a Windows binary.
If you just want to play with the binary: it is available in the "RemoteConnection.exe" part.
Posted on 05 Jan 2020 in security • Tagged with security, boot2root, HTB, git, gogs, api, vault, linux • 6 min read
This is a writeup about a retired HacktheBox machine: Craft This box is classified as a medium machine. The user part is quit long and involve to find "secrets" in a git repository, access an API to get a reverse shell and manipulate a MySQL database in a jailed environment. The root part is quit easier and involve to interact with a vault instance.
Posted on 07 Dec 2019 in security • Tagged with security, boot2root, HTB, bruteforce, centreon, WAF, bypass, SUID, screen, linux • 5 min read
This is a writeup about a retired HacktheBox machine:
Wall.
This box is rated as a medium box. It implies a lot of frustration, some
bruteforce, an centreon exploit with a WAF bypass and the exploitation of a SUID
screen.
Posted on 01 Dec 2019 in security • Tagged with security, boot2root, HTB, Cisco, winrm, procdump, meterpreter, windows • 7 min read
This is a writeup about a retired HacktheBox machine: Heist This box is classified as an easy machine. It implies some CISCO router configuration, a MS Windows server with a WinRM service, a meterpreter, a tentative of Lazagne and procdump.
Posted on 10 Nov 2019 in security • Tagged with security, boot2root, HTB, SQLi, linux • 7 min read
This is a writeup about a retired HacktheBox machine: Jarvis. This box is rated as a medium box. It implies a dead end, some SQL injection, a homemade script and a SUID binary.
Posted on 21 Oct 2019 in security • Tagged with security, boot2root, HTB, buffer overflow, ROP, ret2libc, linux • 10 min read
This is a writeup about a retired HacktheBox machine: Ellingson This box is classified as a hard machine. The user is not too hard to get as it require to know python and password's cracking. The root part is really hard as this require the exploitation of a ROP buffer overflow.
Note: if you just want to play with the buffer overflow, the binary is available on this site, just go to the "Analysing the Buffer Overflow" section.