Recent Posts

HTB Writeup Writeup by dmw0ng

Writeup is an easy box in which we exploit a vulnerability in CMSMadeSimple to get ssh credentials. After that we privesc abusing a writeable directory in the PATH that leads to execution by a process that spawns when an ssh session is started.

HTB Bastion Writeup by dmw0ng

Bastion is an easy box that we start by getting a Windows backup from an open SMB share. We crack the SAM file and get a password. From there we ssh in the machine and find an mRemoteNG configuration file that we use to get the Adminisrator password and finish the box.

HTB OneTwoSeven Writeup by dmw0ng

OneTwoSeven is a hard box that starts by logging into sftp and creating multiple symlinks to enumerate files. From one of these files we get credentials and move on to port-forward to get access to a plugin upload website from which we can get RCE. For privesc we MITM attack an apt-get update that we have sudo rights with, create a malicious package and gain root access.

HTB LaCasaDePapel Writeup by dmw0ng

LaCasaDePapel is an easy box in which we get our foothold by entering a php-debugging console that runs on the ftp port to get an SSH key. For privesc we abuse a cronjob to gain root and finish the box.