Home • Vulndev

Smasher 2 @ HackTheBox

Smasher2 is a difficult 50 points machine on hackthebox, involving some guessing to get the user flag (because the author left in an unintended solution), and a custom kernel exploit to get root.

By xctCTF

Writeup @ HackTheBox

Writeup is a nice, medium difficulty machine on hackthebox, featuring the use of a publicly available sql injection exploit and a rather unique way to get root by using path poisoning.

By xctCTFhackthebox, linux, path hijacking, sql injection

Luke @ HackTheBox

Luke is a rather short, easy machine on hackthebox, which was nonetheless fun to solve and our team got both first bloods here.

By xctCTFajanti, hackthebox, linux, node

Ellingson @ HackTheBox

Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit.

By xctCTFbinary exploitation, flask, hackthebox, linux, password cracking, werkzeug

SwagShop @ HackTheBox

SwagShop is a very easy machine on hackthebox, involving a public exploit and sudo abuse.

By xctCTFcve, hackthebox, linux, magento, sudo

Ghoul @ HackTheBox

Ghoul is a nice 40 points machine on hackthebox involving zip traversal, lateral movement, public exploits and some obscure hidden password in a git repository 😉

By xctCTFcve, git, gogs, hackthebox, linux, ssh agent forwarding, zip traversal