Search

XSS Finder Tools is a pwn challenge from 1337 UP live CTF

RedCross is a medium hackthebox machine that involves a huge path to get user, so let's jump straight into the writeup

LaCasaDePapel is an easy hackthebox machine that involves chaning vstfpd backdoor to read a private key file and generate a new ssl cert to exploit a LFI, for root we can create memcached.ini file to execute commands as root

Bastion is an easy hackthebox machine that involves a READ/WRITE share over smb to get a vhd backup file, then we can use secretdump.py to get user hash & password, For root we will decrypt mRemoteNG password and ssh as Administrator

Access is an easy hackthebox machine that involves anonymous ftp login to download files and there are some creds outlook file, we can use that to get shell via telnet. For root we use the saved cred to run commands as Administrator using runas

Frienzone is an easy hackthebox machine that involves a bunch of rabbit holes. We need to chain lfi and writable smb share to get RCE, ann for root the os.py is world writable, we will write our system commands there to get code execution

Forest is an easy machine from HackTheBox which involves a couple of AD attacks

Squashed is an easy hackthebox machine that was created by polarbearer & C4rm3l0 which involves a writeable share to upload a php shell on the webapp, for root we will enumeate X11 and get root credentials by taking screenshots

Silo is Medium machine in HackTheBox which involves oracle db default creds bruteforce for initial foothold and we can root this box in multiple ways

BountyHunter is an easy machine from HackTheBox, which involves XXE for the foothold to read local files. Then we will use it to get the creds stored in `db.php` and ssh in. For the root we need to exploit a validator script in python that has vulnerable eval function without backlisting the user input

GoodGames is an easy hackthebox machine that created by TheCyberGeek, which involves sqli in a login page to get a easily crackable hash, After logging in as admin we can see the Flask Volt service running on a different host. They've used same password for both hosts, so we can login there as admin and do a ssti to get initial shell, but it was a docker container and they've mounted the /home/ directory to that, so we can do a interesting method to privesc frome there

Remote is an easy machine from hackthebox that involves xslt injection in umbraco cms to get initialfoothold, and SeImpersonatePrivilege for the root

Write up for the machine "Active" from HackTheBox

This is a hackthebox starting point machine that deals with SMB, MSSQL protocols

Write up for the challenge "Bellcode" from Imaginary CTF

Write up for the challenge "pyprision" from Imaginary CTF

Write up for the machine "Valentine" from HackTheBox

Write up for the challenge "HTB Console" from HackTheBox

Write up for the challenge "REG" from HackTheBox

Write up for the challenge "Optimistic" from HackTheBox

Write up for the challenge "Bat Computer" from HackTheBox

Write up for the challenge "Jeeves" from HackTheBox

Write up for the machine "nibbles" from HackTheBox

Write up for the machine "Bashed" from HackTheBox

Write up for the challenge "Easy Register" from 1337UP CTF

This blog post covers and helps you to create your Vulnerable VM

We're going to create a build script to automate the creation of the Vulnerable VM

Here we're going to see how to install vagrant in Windows operating system

Write up for the machine "Pandora" from HackTheBox

Cap is an easy machine in HTB that involves idor to dowload a pcap, you can find ssh creds there, then we need to use python cap_setuid to priv esc to root