Hi everyone! This is a Linux machine that requires exploiting SSTI in a Java SpringFramework application via a search bar on the webpage for RCE and then initial access. For privilege escalation, we will need to emulate what group the user is in, discover a log file he/she has access to, use pspy to discover […]
Hi everyone! This is a Linux machine challenge that was created on 24 April 2022. This machine requires us to utilize Optical Character Recognition (OCR) in Python for SSTI which gives us initial access. For privilege escalation, we are required to enumerate files in the victim machine owned by the user and modify a script […]
Hi everyone! This write-up is on Backdoor, an easy Linux machine. I wouldn’t say this machine is actually easy. This machine requires us to manually enumerate WordPress’s plugin directory, and exploit the directory traversal vulnerability to leak process. Exploit the gdbserver process to obtain a reverse shell before attaching to the root’s screen session for […]
Hi everyone! Today’s post is on the basics of lateral movement in the Active Directory (AD) network. In this article, we will be focusing on using LOLBAS and reverse shells to compromise other computers in the internal network. Let’s get started! Network Below shows the network we will be using for our example. Assumption We […]
Hi everyone! This is post is on elevating your CMD to SYSTEM access. Let’s get started! Requirements Psexec.exe (Sysinternal tool) Local administration privilege Obtaining SYSTEM Firstly, launch CMD in administrative privilege if you are on GUI. Otherwise, make sure you are on an admin account in a reverse/bind shell. Local spawn CMD In your CMD: […]
Dear readers, Today’s post is on Armageddon, a GNU/Linux easy machine on HackTheBox. It was created on 28th March 2021. This challenge tests on find CVE vulnerability on a website, pivoting from apache user from web shell to local user by getting information from MySQL using MySQL one-liner, cracking the hash, and privilege escalation through […]
Lamecarrot 