Player @ HackTheBox
Player is a hard box, that we solved in unintended ways that are partly patched now. User & Root Enumerating subdomains we find: staging.player.htb, dev.player.htb, chat.player.htb. On dev....
Player is a hard box, that we solved in unintended ways that are partly patched now. User & Root Enumerating subdomains we find: staging.player.htb, dev.player.htb, chat.player.htb. On dev....
Challenge “Weakened Keys” was an interesting crypto challenge on InfernoCTF. They gave us this to work with: Encrypted Test= '0mu0T97looX5/Oorw8ASGxfqMqrNoFajZupXrjtIAj7ECJdQXZzEmbEwdRV2J2MI' Te...
Challenge ABCDEFGHIJKLMNOPQRSTUVWXYZ ., AHTNTRZPBEMVVUGIKBZNEYN,IPAZPWEQZBROKYSAG, GLNSMIZPPNAGAUCLFRKJKHVCSTSZDSCJFMSBKMHMMRA,THANLDUULHG WDPVUQKNATYMRA THIS NEW ENCRYPTION METHOD IS EXCELLENT ...
Heist is an “easy” machine on HackTheBox, involving some enumeration (especially rpc) and some forensics (dumping firefox memory). User Flag Open Ports: 80/tcp open http 135/tcp open msrpc 44...
Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file. User Flag We use ropstar, get a shell and the user flag. Root Flag Using keepass2john we...
I encountered a lot of pwn challenges recently, so I decided to automate a lot of it in ropstar. The tool basically solves simple linux bof challenges by using rop chains to bypass nx. It can also ...
Fortune is a 50 point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this box thanks to my team at the time p0l1T3am and especially ykataky. Techniques require...
Craft is a medium difficulty box. User First we enumerate sub domains and find “https://gogs.craft.htb/”, where we find credentials in the commit history: “dinesh:4aUh0A8PbVJxgd”. In addition the...
This post is about hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used on this box are javascript deobfuscation, command injection...
Haystack is a 20 points machine on hackthebox, which in my opinion is not as easy as one might think. It involves some typical ctf steps for user and a nice privilege escalation which requires abus...