Mango is a medium difficulty box where with basic enumeration and some MongoDB NOSQL Injection we can extract user passwords to log in and get user access. From there we will leverage a classic jjs privilege escalation to get root access and read the root.txt file.
Traverxec is an easy difficulty box in which we are able to leverage a directory traversal vulnerability in Nostromo to achieve remote command execution. We use a Metasploit exploit to gain a shell on the machine as www-data. Because of file/directory permission misconfiguration we can access a backup file containing user credentials, and then elevate our privileges to the root account via the user’s sudo privilege and a known shell escape for journalctl where the less pager allows us to execute commands as root.
CVE-2019-19699 Centreon =< 19.10 Proof of Concept Authenticated Remote Code Execution (CVE-2019-19699) Privilege escalation (Walkthrough & Mitigation)
Registry is a Hard-rated HackTheBox machine that involved getting a foothold related to a docker registry and then abusing and chaining multiple flaws to escalate privileges.
Forest is a pure Active Directory box that requires chaining multiple attacks on different services to gain access and escalate.
Zetta is a hard box in which you have to leak the machine’s IPv6 address to be able to gain access. After that, rsync credential bruteforcing and a SQL injection lead to privilege escalation to root.
AI is a medium difficulty box that we own by exploiting an SQL injection through an audio file on an ‘Artificial Intelligence’ software. After that we escalate to root abusing a JDWP instance that is running locally.
Wall is a medium difficulty machine that we own by exploiting an RCE vulnerability in Centreon and then escalating privileges using a SUID binary.
