HackTheBox – Schooled Write-up

Hi everyone! Today’s post is on Schooled, a medium-level HackTheBox FreeBSD machine. This machine was released on 4 April 2021. This challenge tests enumerating vhosts for subdomains, XSS to steal session cookies, exploiting Moodle’s CVE-2020-14321 for RCE, accessing MySQL for the user table’s bcrypt password hash, hashcat to crack the hash, and exploiting pkg GTFObins […]

HackTheBox – Explore Write-up

Hi everyone! Today’s post is on Explore, the first-ever Android machine on HackTheBox. This machine was released on 27 June 2021. To pwn this machine, the ES File Explorer open port vulnerability is exploited to read arbitrary content on the machine. Credentials are obtained before SSH tunneling is used to access the ADB open port in port […]

HackTheBox – Love Write-up

Hi everyone! Today’s post is on Love, an easy Windows 10 machine on HackTheBox. It was created on 2nd May 2021. There are two ways to gain the initial foothold before accessing the server as a user account: SQL injection via a CVE-like disclosure on Exploit-DB for Voting System 1.0, or SSRF in a subdomain […]

HackTheBox – Armageddon Write-up

Dear readers, today’s post is on Armageddon, an easy GNU/Linux machine on HackTheBox. It was created on 28th March 2021. This challenge tests finding a CVE vulnerability on a website, pivoting from the apache user in a web shell to a local user by getting information from MySQL using a MySQL one-liner, cracking the hash, and privilege escalation through […]

HackTheBox – Writeup Write-up

Hi everyone! Today’s post is on Writeup, an easy HackTheBox GNU/Linux machine. It was released on 9th June 2019. Accessing the server to get the user flag is fairly simple, but for escalating privileges it was quite hard for me to find clues until HackTheBox’s discussion forum helped me with some. This machine is […]

HackTheBox – OpenAdmin Write-up

Hi everyone! Today’s post is on OpenAdmin, an easy GNU/Linux machine on HackTheBox. However, many people and I feel that it is more of a medium-rated machine. OpenAdmin was launched on 5th January 2020. This machine focuses on an OpenNetAdmin 18.1.1 CVE to gain access to the server, a bad password habit for user account pivoting, file […]

HackTheBox – Shocker Write-up

Hi everyone! Today’s post is on Shocker, an easy GNU/Linux machine on HackTheBox. It was created on 1st October 2017. It is a very easy machine that will probably take you less than 10 minutes to pwn. The only time-consuming part is choosing the right tool for enumeration. This machine is about exploiting shell […]

HackTheBox – Knife Write-up

Dear readers, today’s post is on Knife, an easy HackTheBox machine that is based on GNU/Linux. It was created on 24th May 2021. This machine is mostly about finding a CVE-like vulnerability in the web application and using Knife for privilege escalation. Let’s get started! Tools required Nmap Burpsuite Python3 (Optional) If you are using […]