Hack The Box – Bank Walkthrough
Introduction
This was an easy Linux machine that involved exploiting a file upload functionality to gain initial access and a binary with the SETUID bit assigned to escalate privileges to root.
Read moreTag
This was an easy Linux machine that involved exploiting a file upload functionality to gain initial access and a binary with the SETUID bit assigned to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved exploiting a remote file inclusion in the WordPress plugin to gain initial access and various misconfigurations with the Tar binary to escalate privileges to root.
Read moreThis was a very easy Linux machine that required to exploit the Drupalgeddon2 vulnerability and finding clear-text database credentials in order to gain remote access to the host, and the Snap binary with Sudo permissions enabled to escalate privileges to root.
Read moreThis was an easy BSD box that involved identifying user credentials for a pfSense instance and exploiting a known command injection vulnerability affecting the product to gain root-level access on the machine.
Read moreThis was a hard Windows machine that involved exploiting a directory traversal vulnerability to forge session cookies and hijack an admin user’s session, a file upload functionality through which remote command execution can be obtained, and a SQL injection vulnerability to escalate privileges to Administrator
Read moreThis was an easy Windows machine that involved exploiting an unauthenticated remote code execution vulnerability through file upload bypass affecting Gym Management System to gain initial access and a buffer overflow vulnerability in the CloudMe software to escalate privileges to Administrator.
Read moreThis was an intermediate Windows machine that involved exploiting a vulnerability in Electron-Builder to gain initial access, a clear-text Redis password, and a vulnerability in Portable Kanban to decrypt the administrator password and escalate privileges.
Read moreThis was an intermediate Linux machine that involved exploiting a deserialization vulnerability in the SnakeYaml parser to gain initial access, and a misconfigured WebAssembly binary with Sudo permissions set to escalate privileges to root.
Read moreThis was an easy Linux machine that involved finding database credentials contained in a backup WordPress instance to gain initial access and exploiting the /sbin/initctl binary with Sudo permissions to escalate privileges to root.
Read moreThis was an intermediate Linux machine that involved chaining a local file inclusion and remote code execution vulnerability to gain initial access, and exploiting an issue with the Chkrootkit software to escalate privileges.
Read more