Home • Vulndev

Fortune @ HackTheBox

Fortune is a 50 point machine on hackthebox.eu featuring OpenBSD. I was lucky enough to get first blood on this box thanks to my team at the time p0l1T3am and especially ykataky. Techniques required in Fortune are the creation and signing of public keys, using client certificates, nfs-shares and...

By xctCTFcertificates, hackthebox, nfs, openbsd, postgresql

Safe @ HackTheBox

Safe is an "easy" machine on hackthebox, involving a simple buffer overflow and cracking a keepass file.

By xctCTFbinary exploitation, hackthebox, keepass, linux

Release: Ropstar

I encountered a lot of pwn challenges recently, so I decided to automate a lot of it in ropstar.

By xctToolsbinary exploitation, linux, rop, tools

Craft @ HackTheBox

Craft is a medium difficulty box.

By xctCTFcve, gogs, hashicorp vault

Protected: Offshore Prolab @ HackTheBox

There is no excerpt because this is a protected post.

By xctCTFbloodhound, dcsync, domain trust, potato, sedebug, splunk, sql injection, traffic sniffing

Hackback @ HackTheBox

This post is about hackback, a really interesting and challenging machine that was released on 23.02.19 on hackthebox.eu. Techniques used on this box are javascript deobfuscation, command injection, tunneling traffic through aspx and a lot of custom exploitation, in addition to a recent windows 10 exploitation technique involving DCOM.

By xctCTFcommand injection, custom exploitation, dcom, hackthebox, obfuscation, services, tunneling, windows