Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some light reversing.
Solving Reel2 on HackTheBox. This is a 40 point box involving Spraying, Phishing, Sticky Notes and JEA.
Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo composer.
Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a port.
Sauna is a 20-point Windows Machine on HackTheBox. For user, we bruteforce usernames and then use ASREP-Roasting to obtain the hash of one the users. For root, we find the logon password for an account that has DCSync privileges and then use secretsdump.py to execute the attack.
Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then use a Local File Inclusion vulnerability to obtain an SSH key. By exploiting a logrotate CVE we escalate privileges.
ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse a custom backup program to read an old configuration file. For root we mount a custom LUKS image that contains a setuid program.
Monteverde is a 30-point Windows machine on HackTheBox that involves some LDAP and SMB enumeration to get the user flag. For root we exploit Azure AD Connect’s way of storing the password for the account that synchronizes on premise AD accounts with Azure AD.
Nest is a 20-point Windows machine on HackTheBox that involves searching through smb shares and analyzing 2 short custom programs.
P.O.O. Endgame is one of HackTheBox’s endgame labs and was just retired. It involves exploiting SQL Server Links & Active Directory ACLs.