HackTheBox

Note: Writeups/Walkthroughs on this blog are published only after the particular box is retired from HackTheBox active machines.

HackTheBox: Sau

Sau is an Easy Difficulty Linux machine that features a Request Baskets instance that is vulnerable to Server-Side Request Forgery (SSRF) via CVE-2023-27163. Leveraging the vulnerability we are to gain access to a Maltrail instance that is vulnerable to Unauthenticated OS Command Injection, which allows us to gain a reverse shell on the machine as puma. A sudo misconfiguration is then exploited to gain a root shell.

HackTheBox: Certified

This writeup covers the assumed breach scenario for HackTheBox Certified, demonstrating enumeration, privilege escalation, and exploitation of Active Directory and ADCS vulnerabilities to achieve domain administrator access.

HackTheBox: Aero

This writeup demonstrates enumeration and exploitation of Windows services on HackTheBox Aero, including web and network service attacks.

HackTheBox: Jeeves

This writeup covers the exploitation of Jenkins and Windows services on HackTheBox Jeeves, including reverse shell generation and privilege escalation.

HackTheBox: Netmon

This writeup describes the exploitation of FTP and web services on HackTheBox Netmon, including anonymous access and privilege escalation.