hackthebox Archives • Page 4 of 9 • Vulndev

28MarMarch 28, 2021

Passage @ HackTheBox

Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one for the USBCreator D-Bus interface.

By xctCTFcutenews, cve, d-bus, hackthebox, linux, usbcreator

27MarMarch 27, 2021

Luanne @ HackTheBox

Solving Luanne on HackTheBox. This is an easy 20-point machine involving a simple command injection and some password cracking.

By xctCTFcommand injection, cracking, hackthebox, linux, lua

20MarMarch 20, 2021

Crossfit @ HackTheBox

Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some light reversing.

By xctCTFcommand injection, hackthebox, linux, reversing, xss

13MarMarch 13, 2021

Reel2 @ HackTheBox

Solving Reel2 on HackTheBox. This is a 40 point box involving Spraying, Phishing, Sticky Notes and JEA.

By xctCTFhackthebox, jea, password spraying, phishing, sticky notes, windows

27FebFebruary 27, 2021

Academy @ HackTheBox

Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo composer.

By xctCTFcomposer, hackthebox, laravel, linux, sudo

21NovNovember 21, 2020

Buff @ HackTheBox

Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a port.

By xctCTFcve, hackthebox, linux, port forwarding

30JulJuly 30, 2020

Sauna is a 20-point Windows Machine on HackTheBox. For user, we bruteforce usernames and then use ASREP-Roasting to obtain the hash of one the users. For root, we find the logon password for an account that has DCSync privileges and then use secretsdump.py to execute the attack.

By xctCTFasrep-roasting, dcsync, hackthebox, secretsdump, windows

11JulJuly 11, 2020

Book @ HackTheBox

Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then use a Local File Inclusion vulnerability to obtain an SSH key. By exploiting a logrotate CVE we escalate privileges.

By xctCTFcve, hackthebox, lfi, linux, logrotate, sql trunaction

04JulJuly 4, 2020

ForwardSlash @ HackTheBox

ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse a custom backup program to read an old configuration file. For root we mount a custom LUKS image that contains a setuid program.

By xctCTFhackthebox, linux, luks, path traversal

13JunJune 13, 2020

Monteverde @ HackTheBox

Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag. For root we exploit Azure AD Connect’s way of storing the password for the account that synchronizes on premise AD accounts with Azure AD.

By xctCTFactive directory, azure ad, hackthebox, ldap, smb, windows

Tag - hackthebox

Passage @ HackTheBox

Luanne @ HackTheBox

Crossfit @ HackTheBox

Reel2 @ HackTheBox

Academy @ HackTheBox

Buff @ HackTheBox

Sauna @ HackTheBox

Book @ HackTheBox

ForwardSlash @ HackTheBox

Monteverde @ HackTheBox