Hack The Box – Networked Walkthrough
Introduction
This was an easy Linux machine that involved exploiting a vulnerable file upload functionality to gain initial access and various misconfigured scripts on the box to escalate privileges to root.
Tag
Hack The Box
Hack The Box – SkriptKiddie Walkthrough
Introduction
This was an easy Linux machine that involved exploiting a vulnerability in MSFVenom to gain remote code execution, a misconfigured Bash script to escalate to the “pwn” user, and a Sudo rule to escalate privileges to root.
Hack The Box – Jarvis Walkthrough
Introduction
This was an intermediate Linux machine that involved exploiting a SQL injection vulnerability to gain initial access, a misconfigured Python script to escalate to the “pepper” user and the Systemctl binary with SUID privileges set to escalate to root.
Hack The Box – Delivery Walkthrough
Introduction
This was an intermediate Linux machine that involved exploiting the ticket reply via email functionality of osTicket to access a MatterMost web application to find SSH credentials and using Hashcat rules to crack root hashes stored in the MySQL database to escalate privileges.
Hack The Box – Passage Walkthrough
Introduction
This was an intermediate Linux machine that involved exploiting a remote code execution vulnerability in the CuteNews web application to gain initial access, exposed user password hashes to gain a user shell, and a vulnerability in the USBCreator D-Bus interface to escalate privileges to root.
Hack The Box – Chatterbox Walkthrough
Introduction
This was an easy Windows box that involved exploiting a remote buffer overflow vulnerability in the Chatterbox application to gain initial access and using cached autologon credentials to execute a reverse shell as the Administrator user and escalate privileges.
Hack The Box – Bounty Walkthrough
Introduction
This was an easy Windows machine that involved uploading a web.config file onto a Windows ASP web server to gain remote code execution and exploiting token impersonation to escalate privileges to system.
Hack The Box – Bucket Walkthrough
Introduction
This was an intermediate Linux box that involved exploiting an insecure AWS S3 bucket to upload a PHP reverse shell to gain remote access, using credentials found in an unprotected DynamoDB database to gain a user shell and exploiting a vulnerable PHP script to extract the root user’s private SSH keys and escalate privileges to root through the DynamoDB database.
Hack The Box – Laboratory Walkthrough
Introduction
This was a fairly easy Linux box that involved exploiting a local file inclusion and remote code execution vulnerability in GitLab to gain remote access to the machine, obtaining administrative access to GitLab through the console to find a user’s private key and exploiting a PATH hijack vulnerability within a SUID script to escalate privileges to root.
Hack The Box – Fuse Walkthrough
Introduction
This was an intermediate Windows machine that involved crawling a username and password from a web application to access RPC, through which a password stored in a printer’s description can be found in order to obtain remote access to the box, and exploiting a known vulnerability with the SeLoadDriverPrivilege permission to escalate privileges to SYSTEM.