Ellingson @ HackTheBox
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit. User Flag We start by scann...
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit. User Flag We start by scann...
SwagShop is a very easy machine on hackthebox, involving a public exploit and sudo abuse. User Flag We start with a quick port scan: PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.2...
Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure hidden password in a git repository ;) User Flag As usual we start with...
Onetwoseven is a great machine on hackthebox, featuring symbolic links, port forwarding through sftp and some typical web application exploitation. For escalation of privilege we abuse sudo apt-get...
Unattended is a high difficulty machine on hackthebox, featuring manual sql injection, log poisoning and some guessing. User Flag Starting with a tcp port scan we get the following result: 80/tc...
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving password hashes from backups (via SAM) and a privilege escalation that involves sto...
This short write-up is about Irked, a rather easy machine on hackthebox featuring an irc backdoor, some steganography and a simple abuse of a custom binary. User Flag The initial scan shows the f...
Kryptos is 50 points machine on hackthebox, involving some interesting techniques, like setting up a fake database and making the application use it, abusing a weak rc4 implementation, pivoting thr...
Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I enjoyed a lot. User Flag Starting off with nmap we get the followin...
LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates and the abuse of a cronjob. Unfortunately the box was very ...