TL;DR This is a walkthrough writeup on Shibboleth which is a Linux box categorized as medium difficulty on HackTheBox.The initial foothold was gained by dumping the IPMI password hashes through the asf-rmcp service running on UDP port 623 & leveraging these credentials to get code execution through the Zabbix server dashboard. Lateral privesc was made […]

TL;DR This is a walkthrough writeup on Horizontall which is a Linux box categorized as easy on HackTheBox. Primarily, the crux about rooting this was enumeration & CVE exploitation. The initial foothold was gained by enumerating and exploiting Strapi using CVE-2019-19609, and later the privilege escalation part was done using CVE-2021-3129. Walkthrough Horizontall Writeup: Scanning […]

TL;DR This is a walkthrough writeup on Forge which is a Linux box categorized as medium on HackTheBox. The initial foothold was gained by discovering and exploiting SSRF (Server-Side Request Forgery) in a file upload functionality to access an internal sub-domain which revealed the FTP credentials using which we were able to read the SSH […]

TL;DR This is a walkthrough writeup on Previse which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by discovering and exploiting command injection in POST request parameter, meanwhile the privilege escalation part was done using PATH variable exploitation. Overall an easy & beginner friendly box. Walkthrough Previse Writeup: Scanning […]

TL;DR This is a walkthrough writeup on Delivery which is a Linux box categorized as easy on HackTheBox, created by our messiah Ippsec. This box has Mattermost and osTicket running on it. The initial foothold was gained by impersonating email to read the Mattermost server chat which revealed the SSH credentials. Privilige Escalation required us […]

TL:DR This is a walkthrough writeup on Cap which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by exploiting the parameter tampering vulnerability on the webpage, that exposed the credentials for FTP, which were also valid for SSH due to password reusability. Privilege escalation was rather easy on this […]

TL;DR This is a walkthrough writeup on Shocker which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by discovering & exploiting the ShellShcok vulnerability to gain the user shell. Priviliege escalation part was relatively easy and was done by exploiting the SUDO permissions for the user. Overall, this was […]

TL;DR This is a walkthrough writeup on BountyHunter which is a Linux box categorized as easy on HackTheBox. The initial foothold was gained by discovering and exploiting XXE vulnerability, meanwhile the privilege escalation part was interesting and required us to do some basic code analysis. This was my first ever Active Box which I rooted, […]