Registry is a box rated at hard difficulty. There are quite a few steps involved, but with a bit of persistence and little experience with Docker internals (hint hint), it looks more daunting than it actually is. Let's go through the process of breaking in step by step! Out initial nmap scan is as unexciting… Continue reading HackTheBox Registry Write-up
Tag: hackthebox
HackTheBox Fuzzy Write-up
Fuzzy is a fun and short challenge on a docker container. It is especially good for teaching beginners the basics of using a fuzzer to discover new endpoints on a webserver. Spawning the container and probing around a bit, we don't have too much success. Using dirbuster and a standard wordlist, we find the endpoint… Continue reading HackTheBox Fuzzy Write-up
HackTheBox Mango Write-up
Mango was an interesting box when it comes to enumeration. It taught me to look more closely and not brush off anything just because I have seen it before. The box is also a prime lesson to aggregate your recon info in a structured manner so it's easier to apply it at other points when… Continue reading HackTheBox Mango Write-up
HackTheBox Postman Write-up
Postman was an easy-going box. It required careful enumeration and beyond that did not have too much resistance in privilege escalation. This makes it a prime example for real-world M&M security where the initial foothold is hard, but there is few resistance on the inside. Let's start out by scanning the machine: # nmap -sS… Continue reading HackTheBox Postman Write-up
HackTheBox Obscurity Write-up
Obscurity is a medium-difficulty box. It was super fun to solve because it involved great excuses for me to write some neat little helper scripts and find a vulnerability in Python code. Something you don't do too often in these challenges. Let's dive right in with a nmap scan: $ nmap -sS -sC -oN obscurity.nmap… Continue reading HackTheBox Obscurity Write-up
HackTheBox OpenAdmin Write-up
OpenAdmin is yet another medium-difficulty machine, which was a blast to hack on! It involved dealing with various stack components, such as interacting directly with a MySQL database. Furthermore, hopping across multiple users through different escalation vectors was very satisfying. Let's see how it is done! Our first nmap scan does not yield any exciting… Continue reading HackTheBox OpenAdmin Write-up
HackTheBox Traverxec Write-up
Traverxec is an interesting box, mainly because the HackTheBox team rated it as easy while the community disagreed and voted it to medium difficulty. It involved a funky privilege escalation that I had not seen before. Let's see how it's done! Our first nmap scan does not return exciting results: $ nmap -sS -sC -oN… Continue reading HackTheBox Traverxec Write-up
HackTheBox Wall Write-up
Wall was as much a fun and educational box as it was frustrating and stretching my patience. It felt like the system was updated by the creator to have some features in place meant to annoy people trying to break in. Nevertheless, there are some nice WAF evasion techniques to consider here, as well as… Continue reading HackTheBox Wall Write-up
HackTheBox fs0sciety Write-up
fs0ciety is yet another low-hanging fruit among the HackTheBox challenges. It's great for beginners who want to test their process for cracking password-protected zip files and recognition of various encodings. For that, we will use fcrackzip - simply for the reason that it has been around for ages and ships with Kali by default. I… Continue reading HackTheBox fs0sciety Write-up
HackTheBox 0ld_is_g0ld Write-up
0ld_is_g0ld is a HackTheBox challenge and a great way for beginners to familiarize themselves with PDF password cracking. If you have used Hashcat before, it's an easy win. Verifying we indeed are targeting the correct file format: $ file 0ld\ is\ g0ld.pdf 0ld is g0ld.pdf: PDF document, version 1.6 We can extract the hash using… Continue reading HackTheBox 0ld_is_g0ld Write-up
plaintext 