Recent Posts

Centreon ARCE CVE by SpengeSec

CVE-2019-19699 Centreon =< 19.10 Proof of Concept Authenticated Remote Code Execution (CVE-2019-19699) Privilege escalation (Walkthrough & Mitigation)

HTB Registry Writeup by Celesian

Registry is a Hard-rated HackTheBox machine that involved getting a foothold related to a docker registry and then abusing and chaining multiple flaws to escalate privileges.

HTB Forest Writeup by dmw0ng

Forest is a pure Active Directory box that requires chaining multiple attacks on different services to gain access and escalate.

HTB Zetta Writeup by dmw0ng

Zetta is a hard box in which you have to leak the machine’s IPv6 address to be able to gain access. After that, rsync credential bruteforcing and a SQL injection lead to privilege escalation to root.

HTB AI Writeup by dmw0ng

AI is a medium difficulty box that we own by exploiting an SQL injection through an audio file on an ‘Artificial Intelligence’ software. After that we escalate to root abusing a JDWP instance that is running locally.

HTB Wall Writeup by dmw0ng

Wall is a medium difficulty machine that we own by exploiting an RCE vulnerability in Centreon and then escalating privileges using a SUID binary.

HTB Heist Writeup by dmw0ng

Heist is an easy box in which we first crack found creds on the website to access RPC. From there we enumerate users and use one of them with the previously obtained passwords to log into WinRM. We find out that a Firefox process memory dump in the disk and analyze it to discover credentials that allow us to escalate to Administrator and own the box.

HTB Chainsaw Writeup by FizzBuzz101

Chainsaw was quite an interesting and difficult box involving some blockchain programming. After I finished the box, I found out that root could also be done with blockchain programming but I just hijacked the path to finish it up; you can check out some other writeups if you are interested in seeing that root method. Anyways, let us begin!