HackTheBox – Trick Write-up

Hi everyone! This is a Linux machine where the initial access is very CTF-like thus is not to my liking. However, I like the privilege escalation method as it is not very common. The initial access requires us to enumerate DNS such as zone transfer to reveal the subdomain name. There are plenty of rabbit […]

HackTheBox – Support Write-up

Hi everyone! This machine is an Active Directory machine where we have to enumerate SMB shared folder, use dnSpy to reverse engineer a .NET binary for LDAP credentials, LDAP query to find another user’s credentials, initial access via winrm, and privilege escalate using Kerberos Resource-based Constrained Delegation. Let’s get started! Nmap enumeration $ IP=10.10.11.174 $ […]

HackTheBox – Timelapse Write-up

Hi everyone! This is a Windows machine that only test Active Directory related content during privilege escalation. For initial access, we have to enumerate SMB for a password protected ZIP file which stores a password protected PFX file. Cracking using zip2john and crackpkcs12 was done before generating a public and private key using the PFX […]

HackTheBox – RedPanda

Hi everyone! This is a Linux machine that requires exploiting SSTI in a Java SpringFramework application via a search bar on the webpage for RCE and then initial access. For privilege escalation, we will need to emulate what group the user is in, discover a log file he/she has access to, use pspy to discover […]

HackTheBox – Sick ROP Write-up

Hi everyone! This is a SigReturn Oriented Programming (SROP) challenge on an x64 Linux binary file on 15 August 2020. We need to use SYS_mprotect before allowing on-stack shellcode execution to obtain a shell on the server. Let’s get started! 1. Files provide sick_rop (x64 ELF binary) 2. Tools required pwntools ROPgadget IDA Pro/Freeware 3. […]

HackTheBox – Paper Write-up

Hi everyone! Today’s write-up is on Paper, an easy Linux machine from HackTheBox. This machine requires us to enumerate the HTTP response header to discover the domain name, enumerate the version of WordPress for a vulnerability, and a specific comment in a post before having the knowledge to exploit the vulnerability to read secret content […]

HackTheBox – Late

Hi everyone! This is a Linux machine challenge that was created on 24 April 2022. This machine requires us to utilize Optical Character Recognition (OCR) in Python for SSTI which gives us initial access. For privilege escalation, we are required to enumerate files in the victim machine owned by the user and modify a script […]

HackTheBox Cyber Apocalypse CTF 2022 – Intergalactic Chase (pwn) write-up

Hi everyone! This article is on HackTheBox’s Cyber Apocalypse CTF 2022 on pwn only. The event lasted from 14/5/2022 – 19/5/2022. Let’s get started! 1. Challenges Space Pirate: Entrypoint Format string attack on x64 ELF file to overwrite a stack variable’s value. Space pirate: Going Deeper Understanding on strncmp() terminating condition. Fleet Management Shellcoding with […]

HackTheBox – Backdoor Write-up

Hi everyone! This write-up is on Backdoor, an easy Linux machine. I wouldn’t say this machine is actually easy. This machine requires us to manually enumerate WordPress’s plugin directory, and exploit the directory traversal vulnerability to leak process. Exploit the gdbserver process to obtain a reverse shell before attaching to the root’s screen session for […]

HackTheBox – Previse Write-up

Hi everyone! Today’s post is on Previse, an easy HackTheBox Linux machine. This machine was released on 8 August 2021. In this machine, a URL redirect status 302 is exploited to leak the actual web page without logining in, exploiting unsanitized POST data run on the server’s PHP’s exec(), extracting user password from one-liner MySQL […]