HackTheBox - Irked

This was classified as an easy machine by MrAgent on HackTheBox. It is running a webpage containing an image and an Internet Relay Chat (IRC) application that contains a remote code execution vulnerability, which we will analyze and exploit to gain a foothold on the box. For the privilege escalation part, we will find a setuid binary; since the SUID bit is set for root, we will abuse this binary and get root....

November 4, 2021 · 5 min · jincx

HackTheBox - Shocker

This was classified as an easy machine by mrb3n on HackTheBox. We will find a webpage on port 80 with an image; running a directory brute force on it with a trailing slash, we will find a user.sh. We will intercept this request, find out that it is vulnerable to ShellShock (CVE-2014-6271) and gain a foothold on the box. To escalate privileges, we will find that the user can run Perl as root, then we will run Perl to execute Bash....

November 3, 2021 · 3 min · jincx

HackTheBox - OpenAdmin

This was classified as an easy machine but took tons of enumeration and tradecraft. This was an awesome learning opportunity by HackTheBox. The box is running a webserver; while enumerating, we find an OpenNetAdmin instance which is vulnerable to remote code execution, which will be our entry point. Finally, the privilege escalation vector will be the nano editor. OS: Linux | Difficulty: Easy | IP Address: 10.10.10.171 | Status: Retired. Phase 1 - Enumeration: Nmap. As usual, we start off with an Nmap scan to identify open ports....

November 2, 2021 · 4 min · jincx

HackTheBox - Active

This was classified as an easy box by eks and mrb3n on HackTheBox. We gain our foothold by enumerating SMB, as it allows anonymous authentication. We find a few shares, one of which includes a username and encoded password. We will decode the password and use it to gain a foothold. For the privilege escalation part, we will get the Kerberos ticket (Kerberoast), crack it and escalate to administrator. OS: Windows | Difficulty: Easy | IP Address: 10....

November 1, 2021 · 5 min · jincx

HackTheBox - Explore

This was classified as an easy box by bertolis on HackTheBox and my first experience with Android exploitation. Enumerating the open ports, we discover SSH, Android Debug Bridge (adb), and ES File Explorer, which is vulnerable to CVE-2019-6447 and will be our method to gain a foothold. For privilege escalation, we will set up an SSH tunnel to execute adb commands and gain root. OS: Android | Difficulty: Easy | IP Address: 10....

October 30, 2021 · 3 min · jincx