HTB: Sauna

Posted on 22 Jul 2020 in security • Tagged with security, boot2root, HTB, Windows, impacket, enumeration • 7 min read

Sauna card

This is a writeup about a retired HacktheBox machine: Sauna published on February the 15th 2020 by egotisticalSW This box is classified as an easy machine. This box has a lot of similarities with forest: The user part require some smart enumeration. The second user also require to enumerate the box and the root part is a "simple" exploitation of the second user's privileges.


Continue reading

HTB: Book

Posted on 12 Jul 2020 in security • Tagged with security, boot2root, HTB, Linux, SQLi, XSS, logrotate, CVE • 5 min read

Book card

This is a writeup about a retired HacktheBox machine: Book This box is classified as a medium machine published on February the 22th 2020 by MrR3boot. It involves some XSS, an SQL truncation injection and a CVE on logrotate.


Continue reading

HTB: Forwardslash

Posted on 07 Jul 2020 in security • Tagged with security, boot2root, HTB, openAdmin, Linux • 9 min read

Forwardslash card

This is a writeup about a retired HacktheBox machine: Forwardslash created by InfoSecJack and chivato publish on April 4, 2020. This box is classified as an hard machine. The user part inplies some enumeration a LFI, some PHP filter, a home made backup binary. The root part implies some home made crypto (don't) and a LUKS image.


Continue reading

HTB: ServMon

Posted on 21 Jun 2020 in security • Tagged with security, boot2root, HTB, Windows, exploit • 7 min read

ServMon Card

This article is a writeup about a retired HacktheBox machine: ServMon publish on April 11 2020 by dmw0ng. This box is rated as an easy box. This box is really unstable and can be a pain as there is a lot of reset on public server. It implies an anonymous FTP, a Passwords.txt file and two exploits.


Continue reading

HTB: Monteverde

Posted on 15 Jun 2020 in security • Tagged with security, boot2root, HTB, Windows, SMB, Azure, PHS • 13 min read

Craft card

This is a writeup about a retired HacktheBox machine: Monteverde published on January the 11th 2020 by egre55. This box is classified as a medium machine. The user part is quit direct and easy and involve to enumerate a few basic services. The root part was harder for me as it is based on a specific issue with Azure AD and Password Hash Synchronisation.


Continue reading

HTB: Nest

Posted on 07 Jun 2020 in security • Tagged with security, boot2root, HTB, VB, .NET, RE, SMB, Windows • 10 min read

Nest card

This is a writeup about a retired HacktheBox machine: Nest This box is classified as an easy machine. It was publish on January the 25th by VbScrub. This box is a bit different that the other ones on HTB. Until the last step you never have a shell on the box (and none is needed to root it). All commands and enumeration are done on the SMB service. There is also a personnalized service HQK.

Getting user involve understanding a bit of cryptography (homemade combination of base64 and AES) but nothing too complexe.

Getting root required to decompile some .NET executable to get some parameter for the homemade encryption.


Continue reading

HTB: Resolute

Posted on 31 May 2020 in security • Tagged with security, boot2root, HTB, DLL, DnsAdmins • 8 min read

Resolute Card

This is a writeup about a retired HacktheBox machine: Resolute. This box was created by egre55 and publish on December the 7th 2019. The box is rated as a medium box. It implies a lot of enumeration and really interesting privilege escalation in Windows environment using DLL injection.


Continue reading

HTB: Obscurity

Posted on 11 May 2020 in security • Tagged with security, boot2root, HTB, Crypto, Linux • 8 min read

Obscurity card

This is a writeup about a retired HacktheBox machine: Obscurity This box is classified as a medium machine. It was release on December the first 2019 by clubby789. It implies some enumeration and a lot of python.


Continue reading

HTB: OpenAdmin

Posted on 04 May 2020 in security • Tagged with security, boot2root, HTB, openAdmin, sudo, nano • 6 min read

OpenAdmin card

This is a writeup about a retired HacktheBox machine: OpenAdmin created by dmw0ng and publish on January 4, 2020. This box is classified as an easy machine. The user part is longer than the root part and involve to find a vulnerable component, exploit it to get a shell, found the creds of an user able to connect using SSH then found another webservice to get the private SSH key of a second user. The root part is simply exploiting a sudo permission on nano to execute command.


Continue reading

HTB: Mango

Posted on 19 Apr 2020 in security • Tagged with security, boot2root, HTB, NoSQL, SUID, linux • 6 min read

Mango card

This is a writeup about a retired HacktheBox machine: Mango publish by MrR3boot on October 26 2019. This box is classified as a medium machine. It involves a interesting NoSQL injection and a SUID binary.


Continue reading