Remote Hackthebox walkthrough

Hey fellas!! Its time for remote from hackthebox. This was an easy Windows machine. The initial foothold for the machine was based on CVE of a CMS and has a straight-forward privilege escalation to Administrator.With all that said, let’s get started!! Scan the host for the open ports and services. # nmap -sC -sV -oA remote.nmap 10.10.10.180 The output revealed 3 interesting…

1 Comment

Blunder: Hackthebox Walkthrough

Hey all! In this blog post, we’ll be walking through blunder from hackthebox. Blunder is an easy level linux machine.   Summary The initial foothold on the box requires a bit of enumeration to find out the correct user who can login into CMS:- bludit. There is the file upload vulnerability on the cms that gets the initial shell on the box.…

12 Comments

Waldo: Hackthebox walkthrough

Waldo is a medium linux machine from hackthebox. The initial foothold on the box is based on understanding a bunch of .php files that leads to sensitive file read such as the ssh private key. Once inside the box, linux enumeration depicts that there is a docker running. The user of the docker needs to be guessed to get successful entry to…

1 Comment

Hackthebox: Resolute Walkthrough

Hey fellow hackers! The post will be guiding you on how to own resolute from Hackthebox. Resolute is an easy rated machine. The box has a very straightforward initial foothold. But owning the administrator is a bit tricky. It depicts another instance of an AD group membership privilege escalation. So let’s get started!! Run the nmap scan to retrieve all the open…

0 Comments

Jarvis: Hackthebox walkthrough

Hey all! This is Shreya Pohekar. This walkthrough will solve Jarvis from hackthebox. Jarvis is an easy linux machine. The initial foothold on the box is based on exploiting the sqli to gain creds of dbadmin. Phpmyadmin is accessible to the users and can be logged via the creds of dbadmin. The initial shell can be obtained by uploading a web shell…

1 Comment

Jeeves : Hackthebox walkthrough

Hey fellow Hackthebox users!! This is Shreya Pohekar. This blog post is gonna walk you through Jeeves that’s a medium windows machine. The initial foothold on the box is based upon the unauthenticated Remote code execution on the jenkins. The key is just to find the right direcotry to hit. Once inside the box, there is a keepass database stored somewhere. Decrypt…

0 Comments