This is a writeup about a retired HacktheBox machine: Admirer created by polarbearer and GibParadox and publish on May 2, 2020. This box is classified as an easy machine. The user part implied a few enumeration and an adminer vulnerability. The root part implied a sudo permission with SETENV and a python script.
This is a writeup about a retired HacktheBox machine:
OpenAdmin created by
dmw0ng and publish on
January 4, 2020.
This box is classified as an easy machine. The user part is longer than the root
part and involve to find a vulnerable component, exploit it to get a shell,
found the creds of an user able to connect using SSH then found another
webservice to get the private SSH key of a second user.
The root part is simply exploiting a sudo permission on
nano to execute command.