HTB: Pandora

Posted on 25 May 2022 in security • Tagged with security, boot2root, HTB, suid, snmp, pandora • 5 min read

Pandora Card

This box is a writeup about a retired HacktheBox machine: Pandora publish on January 8, 2022 by TheCyberGeek and dmw0ng. This box is rated as an easy machine. It implies an UDP service, a localy exposed vulnerable application and an SUID binary.


Continue reading

HTB: Backdoor

Posted on 25 Apr 2022 in security • Tagged with security, boot2root, HTB, wordpress, lfi, gdbserver, screen • 2 min read

Backdoor

This is a writeup about a retired HacktheBox machine: Backdoor publish on November 20, 2021 by hkabubaker17. This box is rated as an easy machine. It implies a wordpress plugin, a LFI, a gdbserver and a screen process.


Continue reading

HTB: Secret

Posted on 28 Mar 2022 in security • Tagged with security, boot2root, HTB, jwt, core dump • 3 min read

Secret

This is a writeup about a retired HacktheBox machine: Secret publish on October 30, 2021 by z9fr. This box is rated as an easy machine. It implies a JWT token and its secret, as well as a program core dump.


Continue reading

HTB: Driver

Posted on 27 Feb 2022 in security • Tagged with security, boot2root, HTB, SCF file attack, print nightmare • 3 min read

Driver Card

This article is a writeup about a retired HacktheBox machine: Driver published on October 2, 2021 by MrR3boot. This box is rated as easy box the user part implies a "standard" password, a SCF file and Responder The root part is nudged by a few hints (box logo,printer on the foothold website) and implies the use of the CVE-2021-1675 and CVE-2021-34527 also know as PrintNightmare.


Continue reading

HTB: Horizontall

Posted on 07 Feb 2022 in security • Tagged with security, boot2root, HTB, strapi, laravel • 3 min read

Horizontall Card

This box is a writeup about a retired HacktheBox machine: Horizontall publish on August 28, 2021 by wail99. This box is rated as an easy machine. It implies a hidden subdomain, a strapi exploit, some "tunneling" and a laravel exploit.


Continue reading

HTB: Forge

Posted on 21 Jan 2022 in security • Tagged with security, boot2root, HTB, SSRF, LFI • 3 min read

Forge Card

This is a writeup about a retired HacktheBox machine: Forge publish on September 11, 2021 by NoobHacker9999. This box is rated as a medium machine but could be qualified as an easy medium :). It implies a SSRF and an LFI as well as some Python and a PDB.


Continue reading

HTB: Previse

Posted on 08 Jan 2022 in security • Tagged with security, boot2root, HTB, PATH • 4 min read

Previse

This is a writeup about a retired HacktheBox machine: Previse publish on August 7, 2021 by m4lwhere. This box is rated as an easy machine. It implies a hidden page, a unsanitize variable, a funny salt and a relative PATH.


Continue reading

HTB: BountyHunter

Posted on 28 Dec 2021 in security • Tagged with security, boot2root, HTB, XXE, php filter, python • 4 min read

BountyHunterCard

This is a writeup about a retired HacktheBox machine: BountyHunter publish on July 25, 2021 by ejedev. This box is rated as an easy machine. It implies an XXE and some python.


Continue reading

HTB: Exlore

Posted on 01 Nov 2021 in security • Tagged with security, boot2root, HTB, Android, exploit, adb • 3 min read

Explore card

This is a writeup about a retired HacktheBox machine: Explorer created by bertolis and publish on June 26, 2021. This box is classified as an easy machine. The user part involves an Android exploit for ES File Explorer and the root part a simple port forward and an adb shell.


Continue reading

HTB: Cap

Posted on 23 Oct 2021 in security • Tagged with security, boot2root, HTB, capabilities • 2 min read

cap Card

This article is a writeup about a retired HacktheBox machine: Cap published on June 5, 2021 by InfoSecJack. This box is rated as easy box the user part implies to know a bit about array indexes and wireshark. The root part is quit easy and implies a binary capabilities.


Continue reading