Obscurity is a medium difficulty box where we will leverage bad server code to inject and run commands, and take advantage of poor cryptography and leftover files to get user access. From there we take advantage of sudo privileges and a poorly executed program to read the root.txt file.
Openadmin was an easy box that required exploiting a vulnerability in a running web service to get a shell, then escalating privileges laterally to different users to finally escalating to root abusing a sudo nopasswd access configuration.
Control is a hard-rated box that required writing a shell through an SQL injection, using previously acquired hashes to pivote to a different user and then modifying a service to gain an Administrator shell.
Mango is a medium difficulty box where with basic enumeration and some MongoDB NOSQL Injection we can extract user passwords to log in and get user access. From there we will leverage a classic jjs privilege escalation to get root access and read the root.txt file.
Traverxec is an easy difficulty box in which we are able to leverage a directory traversal vulnerability in Nostromo to achieve remote command execution. We use a Metasploit exploit to gain a shell on the machine as www-data. Because of file/directory permission misconfiguration we can access a backup file containing user credentials, and then elevate our privileges to the root account via the user’s sudo privilege and a known shell escape for journalctl where the less pager allows us to execute commands as root.
CVE-2019-19699 Centreon =< 19.10 Proof of Concept Authenticated Remote Code Execution (CVE-2019-19699) Privilege escalation (Walkthrough & Mitigation)
Registry is a Hard-rated HackTheBox machine that involved getting a foothold related to a docker registry and then abusing and chaining multiple flaws to escalate privileges.
Forest is a pure Active Directory box that requires chaining multiple attacks on different services to gain access and escalate.
