HTB: Mango

Posted on 19 Apr 2020 in security • Tagged with security, boot2root, HTB, NoSQL, SUID, linux • 6 min read

This is a writeup about a retired Hack The Box machine: Mango, published by MrR3boot on October 26, 2019. This box is classified as a medium machine. It involves an interesting NoSQL injection and a SUID binary.


HTB: Traverxec

Posted on 11 Apr 2020 in security • Tagged with security, boot2root, HTB, linux, nostromo, journalctl • 6 min read

This is a writeup about a retired Hack The Box machine: Traverxec. This box is rated as an easy box. It involves the exploitation of a CVE in nostromo, the use of a nostromo misconfiguration and a little trick to trigger a pager with a sudo command.


HTB: Registry

Posted on 04 Apr 2020 in security • Tagged with security, boot2root, linux, HTB, docker, bolt CMS, restic, SUID • 13 min read

This is a writeup about a retired Hack The Box machine: Registry. This box is rated as a hard box. It was released on October 19 by thek. It involves a few rabbit holes, the Docker registry API, the Bolt CMS, and the SUID binary restic.


HTB: Postman

Posted on 15 Mar 2020 in security • Tagged with security, boot2root, HTB, redis, webmin, linux • 6 min read

This is a writeup about a retired Hack The Box machine: Postman, published on November the second 2019 by TheCyberGeek. This box is rated as an easy box. It involves a Redis server, an id_rsa.bak, John the Ripper and Webmin 1.910.


HTB: Bitlab

Posted on 11 Jan 2020 in security • Tagged with security, boot2root, HTB, gitlab, x64dbg, postgresql, linux • 5 min read

This is a writeup about a retired Hack The Box machine: Bitlab. This box is rated as a medium box. It involves a GitLab instance, a user, some enumeration, a PostgreSQL database, some pain with a base64 password and some basic reverse engineering on a Windows binary.

If you just want to play with the binary: it is available in the "RemoteConnection.exe" part.


HTB: Craft

Posted on 05 Jan 2020 in security • Tagged with security, boot2root, HTB, git, gogs, api, vault, linux • 6 min read

This is a writeup about a retired Hack The Box machine: Craft. This box is classified as a medium machine. The user part is quite long and involves finding "secrets" in a git repository, accessing an API to get a reverse shell and manipulating a MySQL database in a jailed environment. The root part is quite a bit easier and involves interacting with a Vault instance.


HTB: Wall

Posted on 07 Dec 2019 in security • Tagged with security, boot2root, HTB, bruteforce, centreon, WAF, bypass, SUID, screen, linux • 5 min read

This is a writeup about a retired Hack The Box machine: Wall. This box is rated as a medium box. It involves a lot of frustration, some bruteforce, a Centreon exploit with a WAF bypass and the exploitation of a SUID screen.


HTB: Jarvis

Posted on 10 Nov 2019 in security • Tagged with security, boot2root, HTB, SQLi, linux • 7 min read

This is a writeup about a retired Hack The Box machine: Jarvis. This box is rated as a medium box. It involves a dead end, some SQL injection, a homemade script and a SUID binary.


HTB: Ellingson

Posted on 21 Oct 2019 in security • Tagged with security, boot2root, HTB, buffer overflow, ROP, ret2libc, linux • 10 min read

This is a writeup about a retired Hack The Box machine: Ellingson. This box is classified as a hard machine. The user part is not too hard to get, as it requires knowing Python and password cracking. The root part is really hard, as it requires the exploitation of a buffer overflow with ROP.

Note: if you just want to play with the buffer overflow, the binary is available on this site, just go to the "Analysing the Buffer Overflow" section.


HTB: Writeup

Posted on 12 Oct 2019 in security • Tagged with security, boot2root, HTB, exploit, linux • 4 min read

This article is a writeup about a retired Hack The Box machine: Writeup. (Yes, the machine name is Writeup; searching for a writeup of Writeup will be a funny thing.) The machine is classified as an easy one. It involves a vulnerability in a known CMS as well as a "PATH vulnerability" for the privilege escalation.

