Onetwoseven is a great machine on hackthebox, featuring symbolic links, port forwarding through sftp and some typical web application exploitation. For escalation of privilege we abuse sudo apt-get update && sudo apt-get upgrade, by faking a deb repository to install a fake, back-doored package. I combined the user and...
Unattended is a high difficulty machine on hackthebox, featuring manual sql injection, log poisoning and some guessing.
This short write-up is about Irked, a rather easy machine on hackthebox featuring an irc backdoor, some steganography and a simple abuse of a custom binary.
Kryptos is 50 points machine on hackthebox, involving some interesting techniques, like setting up a fake database and making the application use it, abusing a weak rc4 implementation, pivoting through a web application and injecting into a sqlite database. In addition we exploit a weak prng on a application...
Redcross is a machine on hackthebox.eu, featuring sql injection, cookie reuse and a nice binary exploitation challenge, which I enjoyed a lot.
LaCasaDePapel is a rather easy machine on hackthebox.eu, featuring the use of php reflection, creating and signing of client certificates and the abuse of a cronjob. Unfortunately the box was very unstable and slow for me and therefore pretty unenjoyable.
Curling is one of the easier boxes on hackthebox.eu, featuring getting a shell on joomla via template editing, getting a password from an obfuscated file and exploiting an insecure curl script.
Frolic is a medium difficulty machine on hackthebox.eu, featuring a lot of CTF-ish language conversions, the usage of a public exploit for "playsms" and (simple) custom binary exploit.
Carrier is a nice, medium difficulty machine on hackthebox.eu featuring information retrieval via snmp, command injection and bgp hijacking. The bgp hijacking part was a nice learning experience as this is a technique you probably don't see every day.
This post is a walkthrough of Zipper, an interesting machine on hackthebox.eu featuring the zabbix network monitoring application. It involves the application of known zabbix exploits, manipulation of database entries and light custom exploitation of a privileged binary.
