This is a writeup about a retired HacktheBox machine:
OpenAdmin created by
dmw0ng and publish on
January 4, 2020.
This box is classified as an easy machine. The user part is longer than the root
part and involve to find a vulnerable component, exploit it to get a shell,
found the creds of an user able to connect using SSH then found another
webservice to get the private SSH key of a second user.
The root part is simply exploiting a sudo permission on
nano to execute command.
This box is a writeup about a retired HacktheBox machine:
This box is rated as an easy box. It implies the exploitation of a CVE on
notsromo, the use of some nostromo misconfiguration and a little trick to
trigger a page with a
This is a writeup about a retired HacktheBox machine: Forest published by egre55 and mrb3n on October the 12th 2019. This box is a Windows machine classified as easy. The server is a Domain Controller with 24 open ports. We will use Winrm, bloodhound and impacket to get both the user flag and the "root" flag.
This box is a writeup about a retired HacktheBox machine: Bitlab. This box is rated as a medium box. It implies a gitlab, a user, some enumeration, a PostgreSQL database, some pain with a b64 password and some basic reverse engineering on a Windows binary.
If you just want to play with the binary: it is available in the "RemoteConnection.exe" part.
This is a writeup about a retired HacktheBox machine: Craft This box is classified as a medium machine. The user part is quit long and involve to find "secrets" in a git repository, access an API to get a reverse shell and manipulate a MySQL database in a jailed environment. The root part is quit easier and involve to interact with a vault instance.