This was classified as an easy difficulty machine by MrKN16H7 on HackTheBox. It has a webpage on port 80 running a development version of PHP which is vulnerable to remote code execution. We will analyze the vulnerability and then use a script by Richard Jones on PacketStorm to gain our foothold on the box. Finally, our privilege escalation vector will be a binary named knife, which is a command line tool to manage the infrastructure automation tool called Chef....
This was classified as an easy machine by MrAgent on HackTheBox. It is running a webpage containing an image and an Internet Relay Chat (IRC) application that contains a remote code execution vulnerability, which we will analyze and exploit to gain a foothold on the box. For the privilege escalation part, we will find a binary with the SUID bit set for root; we will abuse this binary and get root....
This was classified as an easy machine by mrb3n on HackTheBox. We will find a webpage on port 80 with an image; running a directory brute force on it with a trailing slash, we will find a user.sh. We will intercept this request, find out that it is vulnerable to ShellShock (CVE-2014-6271) and gain a foothold on the box. To escalate privileges, we will find that the user can run Perl as root, then we will run Perl to execute Bash....
This was classified as an easy machine but took tons of enumeration and tradecraft. This was an awesome learning opportunity by HackTheBox. The box is running a webserver. While enumerating, we find an OpenNetAdmin instance which is vulnerable to remote code execution; this will be our entry point. Finally, the privilege escalation vector will be the nano editor.
OS: Linux
Difficulty: Easy
IP Address: 10.10.10.171
Status: Retired

Phase 1 - Enumeration

Nmap

As usual, we start off with an Nmap to identify open ports....
This was classified as an easy box by eks and mrb3n on HackTheBox. We gain our foothold by enumerating SMB, as it allows anonymous authentication. We find a few shares, one of which includes a username and encoded password. We will decode the password and use it to gain a foothold. For the privilege escalation part, we will get the Kerberos ticket (Kerberoast), crack it and escalate to administrator.
OS Difficulty IP Address Status Windows Easy 10....