Safe @ HackTheBox
Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file. User Flag We use ropstar, get a shell and the user flag. Root Flag Using keepass2john we...
Safe is an “easy” machine on hackthebox, involving a simple buffer overflow and cracking a keepass file. User Flag We use ropstar, get a shell and the user flag. Root Flag Using keepass2john we...
I encountered a lot of pwn challenges recently, so I decided to automate a lot of it in ropstar. The tool basically solves simple linux bof challenges by using rop chains to bypass nx. It can also ...
Fortune is a 50 point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this box thanks to my team at the time p0l1T3am and especially ykataky. Techniques require...
Craft is a medium difficulty box. User First we enumerate sub domains and find “https://gogs.craft.htb/”, where we find credentials in the commit history: “dinesh:4aUh0A8PbVJxgd”. In addition the...
This post is about hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used on this box are javascript deobfuscation, command injection...
Haystack is a 20 points machine on hackthebox, which in my opinion is not as easy as one might think. It involves some typical ctf steps for user and a nice privilege escalation which requires abus...
In this post I will walk through the process of creating a simple coverage based fuzzer. The code of this project is on available here. The general idea here is that you download the code and read ...
Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and a rather unique way to get root by using path poisoning. User Flag ...
Smasher2 is a difficult 50 points machine on hackthebox, involving some guessing to get the user flag (because the author left in an unintended solution), and a custom kernel exploit to get root. ...
Luke is a rather short, easy machine on hackthebox, which was nonetheless fun to solve and our team got both first bloods here. User & Root Flag We start with a quick tcp port scan and see th...