HTB: Academy

Posted on 28 Feb 2021 in security • Tagged with security, boot2root, HTB, Linux, laravel, composer • 5 min read

Academy card

This is a writeup about a retired HacktheBox machine: Academy created by egre55 and mrb3n and publish on November 7, 2020. This box is classified as an easy machine. The user part involve a public exploit and some enumeration. The root part implies enumeration and a sudo binary.


Continue reading

HTB: Doctor

Posted on 07 Feb 2021 in security • Tagged with security, boot2root, HTB, linux, SSTI, Splunk • 5 min read

Doctor card

This is a writeup about a retired HacktheBox machine: Doctor created by egotisticalSW and publish on September 26, 2020. This box is classified as an easy machine. The user part implied a server side template injection and finding a needle in a haystack. The root part required to use a Splunk exploit to elevate our privileges.


Continue reading

HTB: Omni

Posted on 07 Feb 2021 in security • Tagged with security, boot2root, HTB, Windows, IOT • 7 min read

Omni Card

This is a writeup about a retired HacktheBox machine: Omni publish on August 22, 2020 by egre55. This box is rated as easy box. I was mostly intrigue by the "Other" operating system. It implies some Google search, a RAT and SecureStrings.


Continue reading

HTB: OpenKeyS

Posted on 14 Dec 2020 in security • Tagged with security, boot2root, HTB, OpenBSD, CVE • 4 min read

openkeys card

This is a writeup about a retired HacktheBox machine: OpenKeys published on July 25 2020 by polarbearer and GibParadox This box is classified as a medium machine. This box implies an openBSD box with a check_auth exploit.


Continue reading

HTB: Sneakymailer

Posted on 03 Dec 2020 in security • Tagged with security, boot2root, HTB, linux, phishing, pypi • 6 min read

Sneakymailer Card

This is a writeup about a retired HacktheBox machine: Sneakymailer publish on July 11, 2020 by sulcud. This box is rated as a medium box. It implies some phishing, an IMAP server, a FTP server, Pypi and sudo.


Continue reading

HTB: Buff

Posted on 22 Nov 2020 in security • Tagged with security, boot2root, HTB, Windows, chisel, cloudme • 4 min read

Buff card

This is a writeup about a retired HacktheBox machine: Buff published on July 18 2020 egotisticalSW This box is classified as an easy machine. The user part just require to exploit a CVE. The root part require first to pivot to access the box's internal services then exploit another CVE.


Continue reading

HTB: Tabby

Posted on 10 Nov 2020 in security • Tagged with security, boot2root, HTB, Linux, tomcat, zip, lxd, lxc, LFI • 7 min read

Tabby Card

This article is a writeup about a retired HacktheBox machine: Tabby publish on June 20 2020 by egree55. This box is rated as an easy box. The user part implies a Local File Inclusion (LFI) and the tomcat manager. The root part implies LXC/LXD (Linux kernel containment).


Continue reading

HTB: Remote

Posted on 10 Nov 2020 in security • Tagged with security, boot2root, HTB, windows, umbraco, teamviewer, metasploit, msfvenom • 6 min read

Remote card

This is a writeup about a retired HacktheBox machine: Remote published by mrb3n on Mars the 21th 2020. This box is a Windows machine classified as easy. It implies a NFS share, a vulnerable CMS, TeamViewer and a second unintended way towards root.


Continue reading

HTB: Blunder

Posted on 19 Oct 2020 in security • Tagged with security, boot2root, HTB, linux, cewl, bludit, sudo • 6 min read

Blunder Card

This is a writeup about a retired HacktheBox machine: Blunder. This box was created by egotisticalSW and publish on May 30, 2020. The box is rated as an easy box. It implies enumeration, generating a custom wordlist with cewl, using metasploit, cracking a password and a sudo vulnerability.


Continue reading

HTB: Cache

Posted on 10 Oct 2020 in security • Tagged with security, boot2root, HTB, Linux, openEMR, docker, memcache • 8 min read

Cache card

This is a writeup about a retired HacktheBox machine: Cache created by ASHacker and publish on May 9, 2020. This box is classified as a medium machine. The user part is the harder as it involve some enumeration, chaining two exploit for openEMR. The root part is quit easier as it was a simple "exploitation" the box's memcache and the docker permissions.


Continue reading