HackMyVM: Gameshell2
We enumerate users via the Finger protocol, beat a terminal-based Snake game to gain SSH access, and pivot through an internal subdomain using Phpsploit to escalate privileges via the ‘uv’ tool.
We enumerate users via the Finger protocol, beat a terminal-based Snake game to gain SSH access, and pivot through an internal subdomain using Phpsploit to escalate privileges via the ‘uv’ tool.
Sau is an Easy Difficulty Linux machine that features a Request Baskets instance that is vulnerable to Server-Side Request Forgery (SSRF) via CVE-2023-27163. Leveraging the vulnerability we are to gain access to a Maltrail instance that is vulnerable to Unauthenticated OS Command Injection, which allows us to gain a reverse shell on the machine as puma. A sudo misconfiguration is then exploited to gain a root shell.
This writeup covers an assumed breach scenario on HackTheBox Voleur, involving Kerberos ticket authentication, DPAPI secret extraction from archived user profiles, targeted Kerberoasting, and NTDS dump via WSL to achieve domain administrator access.
This writeup covers the assumed breach scenario for HackTheBox Certified, demonstrating enumeration, privilege escalation, and exploitation of Active Directory and ADCS vulnerabilities to achieve domain administrator access.
This writeup demonstrates enumeration and exploitation of Windows services on HackTheBox Aero, including web and network service attacks.