HTB: Swagshop

Posted on 29 Sep 2019 in security • Tagged with security, boot2root, HTB, linux, mangento • 6 min read

Swagshop Card

This article is a writeup about a retired HacktheBox machine: Swagshop This box was suppose to be an easy one. Turns out it wasn't. I struggle a lot in wrong direction and finally found a path to root this magento box.

This article presents the different methods which failed on the box as well as the solution to root it.


Continue reading

Vulnhub, born2root

Posted on 20 Nov 2017 in security • Tagged with security, vulnhub, boot2root, linux • 5 min read

Born2root homepage

After the bulldog machine I worked on the born2root one. A simple boot2root machine by Hadi Mene.


Continue reading

Vulnhub, Bulldog: 1

Posted on 10 Nov 2017 in security • Tagged with security, vulnhub, hash, boot2root, linux • 5 min read

Bulldog homepage

At the moment I have some times to work again on Vulnhub virtual machine. So here I picked the first one at the moment: Bulldog: 1 A simple boot2root machine by Nick Frichette.


Continue reading

Vulnhub SecTalks: BNE0x03 - Simple

Posted on 11 May 2016 in security • Tagged with msfvenom, security, vulnhub, metasploit, boot2root, linux • 3 min read

Simple homepage

As droopy was not really hard and doesn't contain as much web vulnerability as I would hope for, I tried an other VM SecTalks: BNE0x03 - Simple There were also hints on the description of the machine but with my resolution they do not appear when just browsing the main page of vulnhub so I have not spoiled myself with the hints this time.


Continue reading

Vulnhub Droopy

Posted on 10 May 2016 in security • Tagged with drupal, security, vulnhub, boot2root, linux • 5 min read

Droopy homepage A few days ago, I installed a new pentesting box based on Arch Linux with Kali

in a virtual machine. In order to test it I select a light vulnbox on vulnhub : Droopy. There were two hints on the description of the machine on the vulnhub download page:

  1. Grab a copy of the rockyou wordlist.
  2. It's fun to read other people's email.

We will see how to use them in a moment :)


Continue reading

Vulnhub - FlickII

Posted on 13 Mar 2016 in security • Tagged with security, vulnhub, challenge, boot2root, linux • 13 min read

FlickII

Still playing with the vulnhub machines this time it is the turn of FlickII. This one is different from the others as it has an android application associated. It would be a great exercice to play with mobile application, decompile it and see what is in the inside.


Continue reading

Vulnhub - NullByte

Posted on 11 Sep 2015 in security • Tagged with security, vulnhub, challenge, linux • 5 min read

NullByte

After the Acid challenge I was really motivated. Therefore I give a look at another vulnhub machine I had already download since a while: NullByte.


Continue reading

Vulnhub - Acid

Posted on 11 Sep 2015 in security • Tagged with security, vulnhub, boot2root, linux • 6 min read

acid

Since Fart knocker in June I have worked on an other vulnhub machine: darknet. But this one is really hard and get me stuck. I was a bit demotivated to continue vulnhub's machines but I got some time this week, therefore I tried the Acid one.


Continue reading

Vulnhub - Fart Knocker

Posted on 16 Jun 2015 in security • Tagged with challenge, security, boot2root, vulnhub, linux • 6 min read

beavis and butthead

I continued to play with the vulnhub virtual machine an started the TopHatSec - Fart Knocker. This VM is an Ubuntu 14.04 32 bits.

The goal of this challenge is to break into the machine and root it.

If you beat the box then please shoot me an email! Have fun guys! P.S. I got the word "Fart Knocker" from watching beavis and butthead back in the day. Otherwise you kids might not understand :)


Continue reading

Vulnhub - Freshly

Posted on 20 Apr 2015 in Security • Tagged with challenge, security, vulnhub, boot2root, linux • 5 min read

not the droids

I continued to play with the vulnhub virtual machine and started the TopHatSec - Freshly.

"The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)"


Continue reading