HTB: Tabby

Posted on 10 Nov 2020 in security • Tagged with security, boot2root, HTB, Linux, tomcat, zip, lxd, lxc, LFI • 7 min read

Tabby Card

This article is a writeup about a retired HacktheBox machine: Tabby publish on June 20 2020 by egree55. This box is rated as an easy box. The user part implies a Local File Inclusion (LFI) and the tomcat manager. The root part implies LXC/LXD (Linux kernel containment).


Continue reading

HTB: Blunder

Posted on 19 Oct 2020 in security • Tagged with security, boot2root, HTB, linux, cewl, bludit, sudo • 6 min read

Blunder Card

This is a writeup about a retired HacktheBox machine: Blunder. This box was created by egotisticalSW and publish on May 30, 2020. The box is rated as an easy box. It implies enumeration, generating a custom wordlist with cewl, using metasploit, cracking a password and a sudo vulnerability.


Continue reading

HTB: Cache

Posted on 10 Oct 2020 in security • Tagged with security, boot2root, HTB, Linux, openEMR, docker, memcache • 8 min read

Cache card

This is a writeup about a retired HacktheBox machine: Cache created by ASHacker and publish on May 9, 2020. This box is classified as a medium machine. The user part is the harder as it involve some enumeration, chaining two exploit for openEMR. The root part is quit easier as it was a simple "exploitation" the box's memcache and the docker permissions.


Continue reading

HTB: Admirer

Posted on 27 Sep 2020 in security • Tagged with security, boot2root, HTB, adminer, Linux, sudo • 5 min read

Admirer card

This is a writeup about a retired HacktheBox machine: Admirer created by polarbearer and GibParadox and publish on May 2, 2020. This box is classified as an easy machine. The user part implied a few enumeration and an adminer vulnerability. The root part implied a sudo permission with SETENV and a python script.


Continue reading

HTB: Magic

Posted on 29 Aug 2020 in security • Tagged with security, boot2root, HTB, linux, Upload, SUID, SQLi • 6 min read

Magic card

This is a writeup about a retired HacktheBox machine: Magic publish by TRX on April 18 2020. This box is classified as a medium machine but is quit easy. It involves a basic SQL injection, a magic file upload and a SUID binary.


Continue reading

HTB: Traceback

Posted on 19 Aug 2020 in security • Tagged with security, boot2root, HTB, linux • 4 min read

Traceback Card

This is a writeup about a retired HacktheBox machine: Traceback publish on Mars the 14th 2020 by Xh4H. This box is rated as easy box. It implies some Google search, a lua interpreter and a privilege escalation using the MOTD.


Continue reading

Vulnhub: InfoSec Prep: OSCP

Posted on 10 Aug 2020 in security • Tagged with security, boot2root, vulnhub, Linux, lxd, lxc • 4 min read

Book card

This is a writeup about a vulnhub machine InfoSec Prep This box is an really easy box in order to make a small selection for entering a give away for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt. The box was created by FalconSpy and publish on July 11 2020. It involves a robots.txt file, some base64 an SSH key, lxd and a SUID binary.


Continue reading

HTB: Book

Posted on 12 Jul 2020 in security • Tagged with security, boot2root, HTB, Linux, SQLi, XSS, logrotate, CVE • 5 min read

Book card

This is a writeup about a retired HacktheBox machine: Book This box is classified as a medium machine published on February the 22th 2020 by MrR3boot. It involves some XSS, an SQL truncation injection and a CVE on logrotate.


Continue reading

HTB: Forwardslash

Posted on 07 Jul 2020 in security • Tagged with security, boot2root, HTB, openAdmin, Linux • 9 min read

Forwardslash card

This is a writeup about a retired HacktheBox machine: Forwardslash created by InfoSecJack and chivato publish on April 4, 2020. This box is classified as an hard machine. The user part inplies some enumeration a LFI, some PHP filter, a home made backup binary. The root part implies some home made crypto (don't) and a LUKS image.


Continue reading

HTB: Obscurity

Posted on 11 May 2020 in security • Tagged with security, boot2root, HTB, Crypto, Linux • 8 min read

Obscurity card

This is a writeup about a retired HacktheBox machine: Obscurity This box is classified as a medium machine. It was release on December the first 2019 by clubby789. It implies some enumeration and a lot of python.


Continue reading