SQLi, ToC/ToU & Arbitrary File Write – Proper @ HackTheBox
xct, 2021-08-21T17:08:08+00:00
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom SQL-Injection and a Remote-File-Inclusion that is quite tricky to exploit. Root is about a custom service binary running as SYSTEM and requires some light golang reversing and knowledge about Windows...
DNS Rebinding, XSS & 2FA SSH – Crossfit2 @ HackTheBox
xct, 2021-08-14T13:00:31+00:00
We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox.
JWT & Docker CVE – TheNotebook @ HackTheBox
xct, 2021-08-14T12:58:07+00:00
We are solving TheNotebook, a 30-point machine on HackTheBox where we'll modify a JWT token, upload a PHP webshell and use a Docker CVE to escalate privileges.
Drupalgeddon & Sudo Snap Install – Armageddon @ HackTheBox
xct, 2021-07-24T16:12:49+00:00
We are solving Armageddon, a really easy 20-point machine on HackTheBox that involves the Drupalgeddon exploit, reading & cracking a password from the database, and finally exploiting "sudo snap install *".
LFI to RCE, Sticky Notes & SQLi – Breadcrumbs @ HackTheBox
xct, 2021-07-17T10:01:43+00:00
We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source code, forge a session cookie & upload a PHP shell. Root involves dumping sticky notes content & exploiting a SQL injection.
Electron-Updater RCE – Atom @ HackTheBox
xct, 2021-07-10T07:59:56+00:00
We are going to solve Atom, a 30-point machine on HackTheBox where we'll analyze an electron app and exploit its updater. For root we will enumerate the running Redis instance, find an encrypted kanban password and then decrypt it.