HTB: Admirer

Posted on 27 Sep 2020 in security • Tagged with security, boot2root, HTB, adminer, Linux, sudo • 5 min read

Admirer card

This is a writeup about a retired HacktheBox machine: Admirer created by polarbearer and GibParadox and publish on May 2, 2020. This box is classified as an easy machine. The user part implied a few enumeration and an adminer vulnerability. The root part implied a sudo permission with SETENV and a python script.


Continue reading

HTB: Magic

Posted on 29 Aug 2020 in security • Tagged with security, boot2root, HTB, linux, Upload, SUID, SQLi • 6 min read

Magic card

This is a writeup about a retired HacktheBox machine: Magic publish by TRX on April 18 2020. This box is classified as a medium machine but is quit easy. It involves a basic SQL injection, a magic file upload and a SUID binary.


Continue reading

HTB: Traceback

Posted on 19 Aug 2020 in security • Tagged with security, boot2root, HTB, linux • 4 min read

Traceback Card

This is a writeup about a retired HacktheBox machine: Traceback publish on Mars the 14th 2020 by Xh4H. This box is rated as easy box. It implies some Google search, a lua interpreter and a privilege escalation using the MOTD.


Continue reading

Vulnhub: InfoSec Prep: OSCP

Posted on 10 Aug 2020 in security • Tagged with security, boot2root, vulnhub, Linux, lxd, lxc • 4 min read

Book card

This is a writeup about a vulnhub machine InfoSec Prep This box is an really easy box in order to make a small selection for entering a give away for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt. The box was created by FalconSpy and publish on July 11 2020. It involves a robots.txt file, some base64 an SSH key, lxd and a SUID binary.


Continue reading

HTB: Cascade

Posted on 26 Jul 2020 in security • Tagged with security, boot2root, HTB, Windows, LDAP, VNC, AD Recycle bin • 7 min read

Cascade Card

This is a writeup about a retired HacktheBox machine: Cascade publish on Mars 28 2020 by VbScrub. This box is rated as medium box. It implies some LDAP search, some SMB shares, a VNC registry, some reverse engineering and the AD Recycle Bin.


Continue reading

HTB: Sauna

Posted on 22 Jul 2020 in security • Tagged with security, boot2root, HTB, Windows, impacket, enumeration • 7 min read

Sauna card

This is a writeup about a retired HacktheBox machine: Sauna published on February the 15th 2020 by egotisticalSW This box is classified as an easy machine. This box has a lot of similarities with forest: The user part require some smart enumeration. The second user also require to enumerate the box and the root part is a "simple" exploitation of the second user's privileges.


Continue reading

HTB: Book

Posted on 12 Jul 2020 in security • Tagged with security, boot2root, HTB, Linux, SQLi, XSS, logrotate, CVE • 5 min read

Book card

This is a writeup about a retired HacktheBox machine: Book This box is classified as a medium machine published on February the 22th 2020 by MrR3boot. It involves some XSS, an SQL truncation injection and a CVE on logrotate.


Continue reading

HTB: Forwardslash

Posted on 07 Jul 2020 in security • Tagged with security, boot2root, HTB, openAdmin, Linux • 9 min read

Forwardslash card

This is a writeup about a retired HacktheBox machine: Forwardslash created by InfoSecJack and chivato publish on April 4, 2020. This box is classified as an hard machine. The user part inplies some enumeration a LFI, some PHP filter, a home made backup binary. The root part implies some home made crypto (don't) and a LUKS image.


Continue reading

HTB: ServMon

Posted on 21 Jun 2020 in security • Tagged with security, boot2root, HTB, Windows, exploit • 7 min read

ServMon Card

This article is a writeup about a retired HacktheBox machine: ServMon publish on April 11 2020 by dmw0ng. This box is rated as an easy box. This box is really unstable and can be a pain as there is a lot of reset on public server. It implies an anonymous FTP, a Passwords.txt file and two exploits.


Continue reading

HTB: Monteverde

Posted on 15 Jun 2020 in security • Tagged with security, boot2root, HTB, Windows, SMB, Azure, PHS • 13 min read

Craft card

This is a writeup about a retired HacktheBox machine: Monteverde published on January the 11th 2020 by egre55. This box is classified as a medium machine. The user part is quit direct and easy and involve to enumerate a few basic services. The root part was harder for me as it is based on a specific issue with Azure AD and Password Hash Synchronisation.


Continue reading