HackTheBox Postman Write-up

Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is little resistance on the inside. Let’s start out by scanning the machine: There are a few interesting things here already. We have a webserver running … Continue reading HackTheBox Postman Write-up

HackTheBox Obscurity Write-up

Obscurity is a medium-difficulty box. It was super fun to solve because it involved great excuses for me to write some neat little helper scripts and find a vulnerability in Python code. Something you don’t do too often in these challenges. Let’s dive right in with an nmap scan: Checking port 8080 on the server, we find the following text: Challenge accepted. The developer message … Continue reading HackTheBox Obscurity Write-up

HackTheBox OpenAdmin Write-up

OpenAdmin is yet another medium-difficulty machine, which was a blast to hack on! It involved dealing with various stack components, such as interacting directly with a MySQL database. Furthermore, hopping across multiple users through different escalation vectors was very satisfying. Let’s see how it is done! Our first nmap scan does not yield any exciting results: On port 80, we see the default Ubuntu Apache … Continue reading HackTheBox OpenAdmin Write-up

HackTheBox Traverxec Write-up

Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let’s see how it’s done! Our first nmap scan does not return exciting results: On port 80, we see a portfolio website. Nothing exciting seems to be hidden here. … Continue reading HackTheBox Traverxec Write-up

The DEFCON 27 Packet Hacking Village Honeypot Challenge

This year marks the first time I got to attend DEFCON Las Vegas — one of the largest hacker conferences in the world. There are a plethora of things to discover and try out. The talks can be streamed later, but the workshops and spontaneous gatherings? A challenge that caught my eye was the honeypot challenge in the packet hacking village. The setting is simple: You gain … Continue reading The DEFCON 27 Packet Hacking Village Honeypot Challenge

HackTheBox fs0sciety Write-up

fs0ciety is yet another low-hanging fruit among the HackTheBox challenges. It’s great for beginners who want to test their process for cracking password-protected zip files and recognition of various encodings. For that, we will use fcrackzip – simply for the reason that it has been around for ages and ships with Kali by default. I have sourced my wordlist from here. Let’s fire up the … Continue reading HackTheBox fs0sciety Write-up