HTB: Nest

Posted on 07 Jun 2020 in security • Tagged with security, boot2root, HTB, VB, .NET, RE, SMB, Windows • 10 min read

Nest card

This is a writeup about a retired HacktheBox machine: Nest This box is classified as an easy machine. It was publish on January the 25th by VbScrub. This box is a bit different that the other ones on HTB. Until the last step you never have a shell on the box (and none is needed to root it). All commands and enumeration are done on the SMB service. There is also a personnalized service HQK.

Getting user involve understanding a bit of cryptography (homemade combination of base64 and AES) but nothing too complexe.

Getting root required to decompile some .NET executable to get some parameter for the homemade encryption.


Continue reading

HTB: Resolute

Posted on 31 May 2020 in security • Tagged with security, boot2root, HTB, DLL, DnsAdmins • 8 min read

Resolute Card

This is a writeup about a retired HacktheBox machine: Resolute. This box was created by egre55 and publish on December the 7th 2019. The box is rated as a medium box. It implies a lot of enumeration and really interesting privilege escalation in Windows environment using DLL injection.


Continue reading

HTB: Obscurity

Posted on 11 May 2020 in security • Tagged with security, boot2root, HTB, Crypto, Linux • 8 min read

Obscurity card

This is a writeup about a retired HacktheBox machine: Obscurity This box is classified as a medium machine. It was release on December the first 2019 by clubby789. It implies some enumeration and a lot of python.


Continue reading

HTB: OpenAdmin

Posted on 04 May 2020 in security • Tagged with security, boot2root, HTB, openAdmin, sudo, nano • 6 min read

OpenAdmin card

This is a writeup about a retired HacktheBox machine: OpenAdmin created by dmw0ng and publish on January 4, 2020. This box is classified as an easy machine. The user part is longer than the root part and involve to find a vulnerable component, exploit it to get a shell, found the creds of an user able to connect using SSH then found another webservice to get the private SSH key of a second user. The root part is simply exploiting a sudo permission on nano to execute command.


Continue reading

Hackpack CTF 2020

Posted on 28 Apr 2020 in security • Tagged with security, CTF, web • 6 min read

Hackpack CTF logo

This weekend I participate to the Hackpack CTF with the team hackers for the jilted generation (mostly me this time). We finished 126th with 811 points. Here are some writeup about the challenges.


Continue reading

HTB: Mango

Posted on 19 Apr 2020 in security • Tagged with security, boot2root, HTB, NoSQL, SUID, linux • 6 min read

Mango card

This is a writeup about a retired HacktheBox machine: Mango publish by MrR3boot on October 26 2019. This box is classified as a medium machine. It involves a interesting NoSQL injection and a SUID binary.


Continue reading

DawgCTF 2020

Posted on 13 Apr 2020 in security • Tagged with security, CTF, crypto, RSA • 4 min read

Cyberdawgs logo

This weekend I participate to the DawgCTF with the team hackers for the jilted generation. We finished 46th with 4530 points. Here are some writeup about the cryptography challenges.


Continue reading

HTB: Traverxec

Posted on 11 Apr 2020 in security • Tagged with security, boot2root, HTB, linux, nostromo, journalctl • 6 min read

Traverxec Card

This is a writeup about a retired HacktheBox machine: Traverxec. This box is rated as an easy box. It implies the exploitation of a CVE on notsromo, the use of some nostromo misconfiguration and a little trick to trigger a page with a sudo command.


Continue reading

HTB: Registry

Posted on 04 Apr 2020 in security • Tagged with security, boot2root, linux, HTB, docker, bolt CMS, restic, SUID • 13 min read

Jarvis Card

This is a writeup about a retired HacktheBox machine: Registry. This box is rated as a hard box. It was release on October 19 by thek. It implies a few rabbit holes, the Docker registry API, the Bolt CMS, and the SUID binary restic.


Continue reading

HTB: Forest

Posted on 21 Mar 2020 in security • Tagged with security, boot2root, HTB, windows, winrm, PTH, bloodhound, impacket • 12 min read

Forest card

This is a writeup about a retired HacktheBox machine: Forest published by egre55 and mrb3n on October the 12th 2019. This box is a Windows machine classified as easy. The server is a Domain Controller with 24 open ports. We will use Winrm, bloodhound and impacket to get both the user flag and the "root" flag.


Continue reading