This is a writeup about a retired HacktheBox machine: Sauna published on February the 15th 2020 by egotisticalSW This box is classified as an easy machine. This box has a lot of similarities with forest: The user part require some smart enumeration. The second user also require to enumerate the box and the root part is a "simple" exploitation of the second user's privileges.
This is a writeup about a retired HacktheBox machine: Forwardslash created by InfoSecJack and chivato publish on April 4, 2020. This box is classified as an hard machine. The user part inplies some enumeration a LFI, some PHP filter, a home made backup binary. The root part implies some home made crypto (don't) and a LUKS image.
This is a writeup about a retired HacktheBox machine: Monteverde published on January the 11th 2020 by egre55. This box is classified as a medium machine. The user part is quit direct and easy and involve to enumerate a few basic services. The root part was harder for me as it is based on a specific issue with Azure AD and Password Hash Synchronisation.
This is a writeup about a retired HacktheBox machine: Nest This box is classified as an easy machine. It was publish on January the 25th by VbScrub. This box is a bit different that the other ones on HTB. Until the last step you never have a shell on the box (and none is needed to root it). All commands and enumeration are done on the SMB service. There is also a personnalized service HQK.
Getting user involve understanding a bit of cryptography (homemade combination of base64 and AES) but nothing too complexe.
Getting root required to decompile some .NET executable to get some parameter for the homemade encryption.
This is a writeup about a retired HacktheBox machine:
OpenAdmin created by
dmw0ng and publish on
January 4, 2020.
This box is classified as an easy machine. The user part is longer than the root
part and involve to find a vulnerable component, exploit it to get a shell,
found the creds of an user able to connect using SSH then found another
webservice to get the private SSH key of a second user.
The root part is simply exploiting a sudo permission on
nano to execute command.