Recent Posts

HTB Mango Writeup by plasticuproject

Mango is a medium difficulty box where with basic enumeration and some MongoDB NOSQL Injection we can extract user passwords to log in and get user access. From there we will leverage a classic jjs privilege escalation to get root access and read the root.txt file.

HTB Traverxec Writeup by plasticuproject

Traverxec is an easy difficulty box in which we are able to leverage a directory traversal vulnerability in Nostromo to achieve remote command execution. We use a Metasploit exploit to gain a shell on the machine as www-data. Because of file/directory permission misconfiguration we can access a backup file containing user credentials, and then elevate our privileges to the root account via the user’s sudo privilege and a known shell escape for journalctl where the less pager allows us to execute commands as root.

Centreon ARCE CVE by SpengeSec

CVE-2019-19699 Centreon =< 19.10 Proof of Concept Authenticated Remote Code Execution (CVE-2019-19699) Privilege escalation (Walkthrough & Mitigation)

HTB Registry Writeup by Celesian

Registry is a Hard-rated HackTheBox machine that involved getting a foothold related to a docker registry and then abusing and chaining multiple flaws to escalate privileges.

HTB Forest Writeup by dmw0ng

Forest is a pure Active Directory box that requires chaining multiple attacks on different services to gain access and escalate.

HTB Zetta Writeup by dmw0ng

Zetta is a hard box in which you have to leak the machine’s IPv6 address to be able to gain access. After that, rsync credential bruteforcing and a SQL injection lead to privilege escalation to root.

HTB AI Writeup by dmw0ng

AI is a medium difficulty box that we own by exploiting an SQL injection through an audio file on an ‘Artificial Intelligence’ software. After that we escalate to root abusing a JDWP instance that is running locally.

HTB Wall Writeup by dmw0ng

Wall is a medium difficulty machine that we own by exploiting an RCE vulnerability in Centreon and then escalating privileges using a SUID binary.