HTB: The Notebook

Posted on 01 Aug 2021 in security • Tagged with security, boot2root, HTB, JWT, docker, CVE-2019-5736, CVE • 4 min read

The Notebook Card

This is a writeup about a retired HacktheBox machine: TheNotebook publish on Mars 6, 2021 by mostwanted002. This box is rated as a medium machine. It implies a JWT token, some PHP files and a docker exploit.


Continue reading

HTB: Ready

Posted on 16 May 2021 in security • Tagged with security, boot2root, HTB, gitlab, docker • 4 min read

Ready card

This is a writeup about a retired HacktheBox machine: Ready published on December 12 2020 by bertolis This box is classified as a medium machine. This box implies an outdated gitlab server, a clear text password in a backup file and a docker container.


Continue reading

HTB: Cache

Posted on 10 Oct 2020 in security • Tagged with security, boot2root, HTB, Linux, openEMR, docker, memcache • 8 min read

Cache card

This is a writeup about a retired HacktheBox machine: Cache created by ASHacker and publish on May 9, 2020. This box is classified as a medium machine. The user part is the harder as it involve some enumeration, chaining two exploit for openEMR. The root part is quit easier as it was a simple "exploitation" the box's memcache and the docker permissions.


Continue reading

HTB: Registry

Posted on 04 Apr 2020 in security • Tagged with security, boot2root, linux, HTB, docker, bolt CMS, restic, SUID • 13 min read

Jarvis Card

This is a writeup about a retired HacktheBox machine: Registry. This box is rated as a hard box. It was release on October 19 by thek. It implies a few rabbit holes, the Docker registry API, the Bolt CMS, and the SUID binary restic.


Continue reading