Recent Posts

Bighead - Hack The Box

Bighead was an extremely difficult box by 3mrgnc3 that starts with website enumeration to find two sub-domains and determine there is a custom webserver software running behind an Nginx proxy. We then need to exploit a buffer overflow in the HEAD requests by creating a custom exploit. After getting a shell, there’s some pivoting involved to access a limited SSH server, then an LFI to finally get a shell as SYSTEM. For the final stretch there is an NTFS alternate data stream with a Keepass file that contains the final flag.

Irked - Hack The Box

Irked is an easy box running a backdoored UnrealIRC installation. I used a Metasploit module to get a shell then ran steghide to obtain the SSH credentials for the low privileged user then got root by exploiting a vulnerable SUID binary.

Teacher - Hack The Box

Teacher uses the Moodle Open Source Learning platform and contains a vulnerability in the math formula that gives us RCE. The credentials for the Moodle application are found in a .png file that contains text instead of an actual image. After getting a shell with the math formula, we find the low privilege user credentials in the MySQL database. We then escalate to root by abusing a backup script running from a cronjob as root.

Redcross - Hack The Box

Redcross has a bit of everything: Cross-Site Scripting, a little bit of SQL injection, reviewing C source code to find a command injection vulnerability, light exploit modification and enumeration.

Vault - Hack The Box

This is the writeup for Vault, a machine with pivoting across different network segments.

Curling - Hack The Box

This is the writeup for Curling, a pretty easy box with Joomla running. We can log in after doing basic recon and some educated guessing of the password.

Frolic - Hack The Box

This is the writeup for Frolic, a CTF-like machine with esoteric programming languages and a nice priv esc that requires binary exploitation.

Carrier - Hack The Box

This is the writeup for Carrier, a Linux machine I created for Hack the Box requiring some networking knowledge to perform MITM with BGP prefix hijacking.

Ethereal - Hack The Box

This is the writeup for Ethereal, a very difficult Windows machine that I solved using the unintented rotten potato method before the box was patched by the HTB staff.

Access - Hack The Box

This is the writeup for Access, a Windows machine involving some enumeration of an Access DB, an Outlook PST and a priv esc using Windows Credential Manager.