TL;DR This is a writeup on Arctic which is a Linux box categorized as easy on HackTheBox, and has Adobe’s ColdFusion as a primary service running on it. The exploitation essentially leverages enumeration and CVEs, namely Adobe ColdFusion – Directory Traversal & MS10_092. Interestingly, it does require us to escalate the user privileges for obtaining […]
Legacy Writeup/Walkthrough Hack the box
Legacy Writeup Summary TL;DR This writeup is based on Legacy on Hack the box. It was a windows box. It starts with Samba. In this machine, Samba has two bugs, which are SMB vulnerability(Eternal Blue or MS17-010) and Remote Code Execution vulnerability (MS08-067). We have both ways to exploit the vulnerability and get the shell. […]
Lame Writeup / Walkthrough Hack the box
Lame Writeup Summary TL;DR This writeup is based on Lame on Hack the box. It was a Linux box. It starts with two major services, vsftpd, and Samba. We tried FTP logon but didn’t get anything interesting. Then try to exploit Samba service via command injection in the username field. Using samba service exploitation, we […]
Redcross Writeup / Walkthrough Hack the box
Redcross writeup Summery TL;DR This Writeup is about Redcross on hack the box. It was a Linux box. It starts off with web exploitation via xss on admin stealing his cookies to login to the admin panel. Than command injection in the firewall to get a shell as www-data after recon we find the password […]
Enterprise Writeup / Walkthrough Hack the box
Enterprise Writeup TL;DR This Writeup is about Enterprise, on hack the box. It was a Linux box. It starts off with a SQLInjection for an initial foothold. We dump a database find passwords login to WordPress and get a shell. There we find we are in a docker network. So we port forward a host and […]
Traverxec Writeup / Walkthrough Hack the box
Traverxec writeup Summery TL;DR This Writeup is about Traverxec, on hack the box. It was a Linux box. It starts off with a public exploit on Nostromo web server for the initial foothold. Then we enumerate and find a directory readable by www-data inside a david users home directory there we find a ssh key […]
Postman Writeup / Walkthrough Hack the box
Postman Writeup Summery TL;DR This Writeup is about Postman, on hack the box. It was a Linux box that starts off with Redis exploitation to get an initial foothold. Then we enumerate and find an encrypted ssh key of matt. Next, we crack the ssh key’s passphrase. We use the same credentials on the Webmin […]
Heist Writeup / Walkthrough Hack the box
Heist Writeup Summery TL;DR This writeup is about Heist, it was a windows box that starts off with a webserver we log in as a guest. There we find a config file in which we find encrypted hash’s. from there we get the password. we do a deep port scan find a winrm open we […]