Cache : Hackthebox Walkthrough
Cache is medium linux box. Initial foothold is based on CVE of openEMR and privlege escalation requires exploiting the docker group member.
Cache is medium linux box. Initial foothold is based on CVE of openEMR and privlege escalation requires exploiting the docker group member.
Hello Everyone! This is Shreya Pohekar. This is a follow-up blog from jeeves from hackthebox. Jeeves is a medium windows box. The writeup can be found out here. This blog post depicts yet another way to priv esc to Administrator. The pre-requisite is to have a user shell.When I ran a whoami /priv , It listed all the privileges the user has.…
Hey fellow Hackthebox users!! This is Shreya Pohekar. This blog post is gonna walk you through Jeeves that’s a medium windows machine. The initial foothold on the box is based upon the unauthenticated Remote code execution on the jenkins. The key is just to find the right direcotry to hit. Once inside the box, there is a keepass database stored somewhere. Decrypt…
Hey fellas!! This is Shreya Pohekar and today we’ll be walking through Control from Hackthebox. It was a hard windows machine. The initial foothold (wwwroot) to the machine exploited a sql injection, where I uploaded a web shell using the vulnerability. Getting to the user was pretty straightforward as the sqlmap listed password hashes. Privilege escalation to root required us to read…
Hello all! This is Shreya Pohekar. Today we’ll be doing traverxec from hack the box. This box recently retired and is available for free in the retired machines section. So if you got stuck somewhere while the machine was active, follow the walkthrough and submit the flags. The machine is an easy Linux box that requires you to do a bit of…
An easy machine from HacktheBox. Let's grab the root flag.....
Hello everyone!! Serialization is a concept that is being implemented for very long, but the vulnerability has got much traction in recent years. In the OWASP top 10 list, 2017, insecure deserialization is positioned at 8th which has furthermore attracted hackers and pentesters to explore on the vulnerability. So lets deep-dive in understanding what exactly is serialization. It is a process of…