Protected: Rastalabs Prolab @ HackTheBox
There is no excerpt because this is a protected post.
There is no excerpt because this is a protected post.
Ellingson is fun and quick 40 points machine on hackthebox, featuring the abuse of the python/flask werkzeug debugger, cracking a password and a custom binary exploit.
Bastion is an easy 20 points machine on hackthebox. It is about mounting a .vhd file over the network, retrieving password hashes from backups (via SAM) and a privilege escalation that involves stored credentials in mRemoteNG.
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :) Weirdly enough I couldn't get the user first blood - but more to that later.