This box was classified as a medium box by ch4p on HackTheBox. It is also categorized as a OSCP-style box on TJNull’s list. While enumerating port 80, we find an instance of TorrentHoster where we get to upload an image and bypass its filtering to get our initial foothold. For privilege escalation, we leverage CVE-2010-0832 to get root.
OS Difficulty IP Address Status Linux Medium 10.10.10.6 Retired Phase 1 - Enumeration Nmap As usual, we start off with a Nmap to identify open ports:...
This box is classified as easy, but we at CovertBay decided to classify it as super easy, thanks to InfosecJack on HackTheBox. Since the web application page did not have any kind of authentication and allowed us to download packet capture files (.pcap) where when analyzed; reveals a FTP username and password which is also the credentials for SSH. Once logged in, as this box’s name suggests, the privilege escalation path is via Linux capabilities....
This was a classified as a medium difficulty box by felamos from HackTheBox. Our foothold into this box starts on its webpage on port 8080, where we will find an “Online YAML Parser” which is vulnerable to SnakeYaml Deserialization attack, we can upload a YAML payload from the web application and the server-side will parse it using the SnakeYaml library. So, we’ll let it “parse” a Java payload to get remote code execution, and gain our foothold....
This was classified as an easy difficulty machine by MrKN16H7 on HackTheBox that has a webpage on port 80, running a developmental version of PHP which is vulnerable to remote code execution. We will analyze the vulnerability and then use a script by Richard Jones on PacketStorm to gain our foothold on the box. And finally, our privilege escalation vector will be a binary named knife which is a command line tool to manage the infrastructure automation tool called Chef....
This was classified as an easy machine by MrAgent on HackTheBox that is running a webpage containing an image and also running an Internet Relay Chat (IRC) application that contains a remote code execution vulnerability which we will analyze and exploit to gain a foothold on the box. For the privilege escalation part, we will find a setuid binary, since the SUID bit is set for root; we will abuse this binary and get root....