This is the first video of a series about Shinra, a virtual company in a private red team lab. We will conduct a full pentest on Shinra and explore various topics along the way.
Video & additional notes for StreamIO, a medium-difficulty Windows machine on HackTheBox that involves manual MSSQL injection, going from file inclusion to RCE and, in this case, getting the SeImpersonate privilege back to get SYSTEM via an EFS-based potato.
We are solving Proper, a 40-point Windows machine on HackTheBox created by jkr and me. This box involves a custom SQL injection and a remote file inclusion that is quite tricky to exploit. Root is about a custom service binary running as SYSTEM and requires some light Go reversing and knowledge about Windows...
We are solving Crossfit2, a 50-point OpenBSD machine on HackTheBox.
We are solving Breadcrumbs, a 40-point Windows machine on HackTheBox. For user, we exploit an LFI to read PHP source code, forge a session cookie & upload a PHP shell. Root involves dumping sticky notes content & exploiting a SQL injection.
Scavenger is a 40-point machine on HackTheBox that involves a lot of enumeration, a SQL injection and, in my video, an unintended root by exploiting Exim.
Zetta is a 40-point machine on HackTheBox. We will get the IPv6 address of the box via FTP, use rsync to get access to SSH and finally abuse a SQL injection in rsyslogd to get root.
AI is a 30-point machine on HackTheBox that involves SQL injection via speech and abusing an exposed Java debugging port.
Writeup is a nice, medium-difficulty machine on HackTheBox, featuring the use of a publicly available SQL injection exploit and a rather unique way to get root by using path poisoning.