HTB: Love

Posted on 09 Aug 2021 in security • Tagged with security, boot2root, HTB, windows, php, AlwaysInstallElevated • 4 min read

This is a writeup about a retired Hack The Box machine: Love, published on May 1 2021 by pwnmeow. This box is classified as an easy machine. It involves an SSRF, some PHP file and an AlwaysInstallElevated privilege on a Windows box.


HTB: Omni

Posted on 07 Feb 2021 in security • Tagged with security, boot2root, HTB, Windows, IOT • 7 min read

This is a writeup about a retired Hack The Box machine: Omni, published on August 22, 2020 by egre55. This box is rated as an easy box. I was mostly intrigued by the "Other" operating system. It involves some Google searches, a RAT and SecureStrings.


HTB: Buff

Posted on 22 Nov 2020 in security • Tagged with security, boot2root, HTB, Windows, chisel, cloudme • 4 min read

This is a writeup about a retired Hack The Box machine: Buff, published on July 18 2020 by egotisticalSW. This box is classified as an easy machine. The user part just requires exploiting a CVE. The root part requires first pivoting to access the box's internal services, then exploiting another CVE.


HTB: Remote

Posted on 10 Nov 2020 in security • Tagged with security, boot2root, HTB, windows, umbraco, teamviewer, metasploit, msfvenom • 6 min read

This is a writeup about a retired Hack The Box machine: Remote, published by mrb3n on March the 21st 2020. This box is a Windows machine classified as easy. It involves an NFS share, a vulnerable CMS, TeamViewer and a second, unintended way to root.


HTB: Cascade

Posted on 26 Jul 2020 in security • Tagged with security, boot2root, HTB, Windows, LDAP, VNC, AD Recycle bin • 7 min read

This is a writeup about a retired Hack The Box machine: Cascade, published on March 28 2020 by VbScrub. This box is rated as a medium box. It involves some LDAP searches, some SMB shares, a VNC registry, some reverse engineering and the AD Recycle Bin.


HTB: Sauna

Posted on 22 Jul 2020 in security • Tagged with security, boot2root, HTB, Windows, impacket, enumeration • 7 min read

This is a writeup about a retired Hack The Box machine: Sauna, published on February the 15th 2020 by egotisticalSW. This box is classified as an easy machine. This box has a lot of similarities with Forest: the user part requires some smart enumeration. The second user also requires enumerating the box, and the root part is a "simple" exploitation of the second user's privileges.


HTB: ServMon

Posted on 21 Jun 2020 in security • Tagged with security, boot2root, HTB, Windows, exploit • 7 min read

This article is a writeup about a retired Hack The Box machine: ServMon, published on April 11 2020 by dmw0ng. This box is rated as an easy box. This box is really unstable and can be a pain, as there are a lot of resets on the public server. It involves an anonymous FTP, a Passwords.txt file and two exploits.


HTB: Monteverde

Posted on 15 Jun 2020 in security • Tagged with security, boot2root, HTB, Windows, SMB, Azure, PHS • 13 min read

This is a writeup about a retired Hack The Box machine: Monteverde, published on January the 11th 2020 by egre55. This box is classified as a medium machine. The user part is quite direct and easy and involves enumerating a few basic services. The root part was harder for me as it is based on a specific issue with Azure AD and Password Hash Synchronisation.


HTB: Nest

Posted on 07 Jun 2020 in security • Tagged with security, boot2root, HTB, VB, .NET, RE, SMB, Windows • 10 min read

This is a writeup about a retired Hack The Box machine: Nest. This box is classified as an easy machine. It was published on January the 25th by VbScrub. This box is a bit different from the other ones on HTB. Until the last step you never have a shell on the box (and none is needed to root it). All commands and enumeration are done on the SMB service. There is also a personalized service, HQK.

Getting user involves understanding a bit of cryptography (a homemade combination of base64 and AES) but nothing too complex.

Getting root requires decompiling some .NET executable to get some parameters for the homemade encryption.


HTB: Forest

Posted on 21 Mar 2020 in security • Tagged with security, boot2root, HTB, windows, winrm, PTH, bloodhound, impacket • 12 min read

This is a writeup about a retired Hack The Box machine: Forest, published by egre55 and mrb3n on October the 12th 2019. This box is a Windows machine classified as easy. The server is a Domain Controller with 24 open ports. We will use WinRM, BloodHound and impacket to get both the user flag and the "root" flag.

