HTB: Love

Posted on 09 Aug 2021 in security • Tagged with security, boot2root, HTB, windows, php, AlwaysInstallElevated • 4 min read

Love card

This is a writeup about a retired HacktheBox machine: Love published on May 1 2021 by pwnmeow This box is classified as an easy machine. This box implies a SSRF, some php file and an AlwaysInstallElevated privilege on a Windows box.


Continue reading

HTB: The Notebook

Posted on 01 Aug 2021 in security • Tagged with security, boot2root, HTB, JWT, docker, CVE-2019-5736, CVE • 4 min read

The Notebook Card

This is a writeup about a retired HacktheBox machine: TheNotebook publish on Mars 6, 2021 by mostwanted002. This box is rated as a medium machine. It implies a JWT token, some PHP files and a docker exploit.


Continue reading

HTB: Armageddon

Posted on 26 Jul 2021 in security • Tagged with security, boot2root, HTB, linux, Drupalgeddon • 4 min read

armageddon Card

This is a writeup about a retired HacktheBox machine: Armageddon publish on Mars 27, 2021 by Bertolis. This box is rated as an easy machine. It implies the drupalgeddon vulnerability and some permissive sudo permissions.


Continue reading

HTB: Ophiuchi

Posted on 05 Jul 2021 in security • Tagged with security, boot2root, HTB, Linux, YAML, deserialization, webassembly • 5 min read

Ophiuchi card

This is a writeup about a retired HacktheBox machine: Ophiuchi created by felamos and publish on February 13, 2021. This box is classified as a medium machine. The user part involves YAML and deserialization as the root part involves webassembly binaries.


Continue reading

HTB: ScriptKiddie

Posted on 07 Jun 2021 in security • Tagged with security, boot2root, HTB, msfvenom, nmap, msfconsole • 4 min read

ScriptKiddie Card

This is a writeup about a retired HacktheBox machine: ScriptKiddie publish on February 6, 2021 by 0xdf. This box is rated as easy box the user part implies to use CVE-2020-7384, the root part is just abusing a bash script and using msfconsole.


Continue reading

HTB: Delivery

Posted on 24 May 2021 in security • Tagged with security, boot2root, HTB, Linux, john • 4 min read

Delivery card

This is a writeup about a retired HacktheBox machine: Delivery created by ippsec and publish on January 9 2021. This box is classified as an easy machine. The user part involve to understand a process and exploit some functionnal flow. The root part implies enumeration and cracking somes hashes binary.


Continue reading

HTB: Laboratory

Posted on 16 May 2021 in security • Tagged with security, boot2root, HTB, linux, gitlab • 5 min read

Laboratory Card

This is a writeup about a retired HacktheBox machine: Laboratory publish on November 14, 2020 by 0xc45. This box is rated as an easy box. It implies mostly gitlab and a LFI vulnerability and an SUID binary.


Continue reading

HTB: Ready

Posted on 16 May 2021 in security • Tagged with security, boot2root, HTB, gitlab, docker • 4 min read

Ready card

This is a writeup about a retired HacktheBox machine: Ready published on December 12 2020 by bertolis This box is classified as a medium machine. This box implies an outdated gitlab server, a clear text password in a backup file and a docker container.


Continue reading

HTB: Time

Posted on 07 Apr 2021 in security • Tagged with security, boot2root, HTB, linux, jackson, deserialization • 3 min read

Time Card

This is a writeup about a retired HacktheBox machine: Time publish on October 24, 2020 by egotisticalSW and felamos . This box is rated as a medium box. It implies a hard foothold using Jackson and some Google fu. The root part is quit fast as there is a writable bash script running regularly as root.


Continue reading

HTB: Passage

Posted on 09 Mar 2021 in security • Tagged with security, boot2root, HTB, linux • 4 min read

Passage Card

This is a writeup about a retired HacktheBox machine: Passage publish on September 2, 2020 by ChefByzen. This box is rated as a medium box. It implies two public exploit and a shared SSH private key.


Continue reading