HTB: The Notebook

Posted on 01 Aug 2021 in security • Tagged with security, boot2root, HTB, JWT, docker, CVE-2019-5736, CVE • 4 min read

The Notebook Card

This is a writeup about a retired HacktheBox machine: TheNotebook publish on Mars 6, 2021 by mostwanted002. This box is rated as a medium machine. It implies a JWT token, some PHP files and a docker exploit.


Continue reading

HTB: OpenKeyS

Posted on 14 Dec 2020 in security • Tagged with security, boot2root, HTB, OpenBSD, CVE • 4 min read

openkeys card

This is a writeup about a retired HacktheBox machine: OpenKeys published on July 25 2020 by polarbearer and GibParadox This box is classified as a medium machine. This box implies an openBSD box with a check_auth exploit.


Continue reading

HTB: Book

Posted on 12 Jul 2020 in security • Tagged with security, boot2root, HTB, Linux, SQLi, XSS, logrotate, CVE • 5 min read

Book card

This is a writeup about a retired HacktheBox machine: Book This box is classified as a medium machine published on February the 22th 2020 by MrR3boot. It involves some XSS, an SQL truncation injection and a CVE on logrotate.


Continue reading

CVE 2016-5195 dirtycow

Posted on 11 Dec 2016 in security • Tagged with cve, security, exploit • 2 min read

Ðirtycow logo

Dirty COW (CVE-2016-5195) is a privilege escalation vulnerability in the Linux Kernel. "A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system." (Source: Red Hat)


Continue reading

CVE 2016-6210 OpenSSHD user enumeration

Posted on 23 Jul 2016 in security • Tagged with cve, security, exploit • 2 min read

The 13th if July a new wild CVE appeared (Yes, Pokemon Go is still a buzz for the moment).

The CVE 2016-6210 allow a user enumeration on an SSH server by comparing request time between non existing user and allowed ones. This vulnerability target OpenSSHD with a version of 7.2p2 or inferior.

That means with a good dictionary you may know which user are present on the server with an SSH access.

This post just demonstrate how to exploit this vulnerability with a simple example.


Continue reading