Recent Posts

HTB Bastion Writeup by dmw0ng

Bastion is an easy box that we start by getting a Windows backup from an open SMB share. We crack the SAM file and get a password. From there we ssh in the machine and find an mRemoteNG configuration file that we use to get the Adminisrator password and finish the box.

HTB OneTwoSeven Writeup by dmw0ng

OneTwoSeven is a hard box that starts by logging into sftp and creating multiple symlinks to enumerate files. From one of these files we get credentials and move on to port-forward to get access to a plugin upload website from which we can get RCE. For privesc we MITM attack an apt-get update that we have sudo rights with, create a malicious package and gain root access.

HTB LaCasaDePapel Writeup by dmw0ng

LaCasaDePapel is an easy box in which we get our foothold by entering a php-debugging console that runs on the ftp port to get an SSH key. For privesc we abuse a cronjob to gain root and finish the box.

HTB Luke Writeup by Spenge

Luke was a great box for those looking to up the difficulty a bit when coming from easy boxes. Once again enumeration is key, and the box involved a lot of the basics while looking a bit more in depth at web exploitation and an API, finally we abused the Ajenti web panel to access files and optionally for file upload.

HTB Querier Writeup by dmw0ng

Querier was a really fun Windows box that involved some skills around MSSQL, Responder, and some classic Windows priv esc techniques.

HTB Fortune Writeup by Spenge

Fortune was a tough puppy to crack, it requires good enumeration skills and web exploitation to abuse weak input validation. Knowing how SSL and certificates work made it much more achievable.