This is the writeup for Ethereal, a very difficult Windows machine that I solved using the unintented rotten potato method before the box was patched by the HTB staff.
This is the writeup for Access, a Windows machine involving some enumeration of an Access DB, an Outlook PST and a priv esc using Windows Credential Manager.
This is the writeup for Zipper, a Linux box running the Zabbix network monitoring software inside a docker container.
This is the writeup for Giddy, a Windows machine with an interesting twist on SQL injection, PowerShell Web Access and a priv exploiting improper permissions.
This is the writeup for Ypuffy, an OpenBSD machine from Hack the Box involving a somewhat easy shell access followed by a privesc using CA signed SSH keys.
This blog post is a writeup of the Hack the Box SecNotes machine from 0xdf.
This blog post is a writeup of the Oz machine from Hack the Box.
This blog post is a writeup of the Mischief machine from Hack the Box using the unintended LXC container privesc method.
Linux / 10.10.10.87
For this last SLAE assignment, I’ve created a custom shellcode crypter using the Salsa20 stream cipher. Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project.