Category

CTF Walkthroughs

CTF Walkthroughs, TryHackMe

TryHackMe – Skynet Walkthrough

Introduction

This was an easy Linux box that involved accessing an open SMB share containing a list of credentials that could be used to bruteforce a SquirrelMail web application, finding SMB credentials on the application to access a new share which revealed a second web application, and exploiting a remote file inclusion vulnerability in Cuppa CMS to gain remote access. Privilege escalation was possible due to a misconfigured cron job running as root and using a wildcard with the tar command.

Read more
April 25, 2021 | by Stefano Lanaro
CTF Walkthroughs, VulnHub

VulnHub – Kioptrix 1.4 Walkthrough

Introduction

This was an easy Linux box that involved exploiting a directory traversal vulnerability in the pChart web application in order to access the rules in the Apache configuration file, which revealed a user agent change was necessary to be able to navigate to the PHPTax web application hosted on port 8080, which was affected by a remote code execution vulnerability that could be used to gain remote access to the machine. A simple kernel exploit can then be used to escalate privileges to root.

Read more
April 24, 2021 | by Stefano Lanaro | Leave a comment
CTF Walkthroughs, Hack The Box

Hack The Box – Laboratory Walkthrough

Introduction

This was a fairly easy Linux box that involved exploiting a local file inclusion and remote code execution vulnerability in GitLab to gain remote access to the machine, obtaining administrative access to GitLab through the console to find a user’s private key and exploiting a PATH hijack vulnerability within a SUID script to escalate privileges to root.

Read more
April 20, 2021 | by Stefano Lanaro | 1 Comment
CTF Walkthroughs, Hack The Box

Hack The Box – Fuse Walkthrough

Introduction

This was an intermediate Windows machine that involved crawling a username and password from a web application to access RPC, through which a password stored in a printer’s description can be found in order to obtain remote access to the box, and exploiting a known vulnerability with the SeLoadDriverPrivilege permission to escalate privileges to SYSTEM.

Read more
March 25, 2021 | by Stefano Lanaro | Leave a comment
CTF Walkthroughs, Hack The Box

Hack The Box – CronOS Walkthrough

Introduction

This was an intermediate Linux machine that involved exploiting an SQL injection vulnerability to gain access to a traceroute page affected by a remote command vulnerability in order to obtain a reverse shell, and exploiting a PHP function used in a cron hob to gain root-level code execution and therefore a root shell.

Read more
March 23, 2021 | by Stefano Lanaro