Ghoul hackthebox walkthrough – Part 2
Ghoul is a hard linux machine from hackthebox The privilege escalation exploits the gogs vulnerability and ssh-agent's sign-on mechanism to get the root.
0 Comments
January 5, 2021
Ghoul Hackthebox walkthrough – Part 1
Ghould is a hard linux machine from hackthebox. Find the machine in the retired section.
January 5, 2021
Remote Hackthebox walkthrough
Hey fellas!! Its time for remote from hackthebox. This was an easy Windows machine. The initial foothold for the machine was based on CVE of a CMS and has a straight-forward privilege escalation to Administrator.With all that said, let’s get started!! Scan the host for the open ports and services. # nmap -sC -sV -oA remote.nmap 10.10.10.180 The output revealed 3 interesting…
July 23, 2020
Aragog Hackthebox walkthrough
Aragog is a medium level linux machine from hackthebox. Initial foothold is based on exploiting XXE and the privilege escalation requires to log the password by creating a backdoor.
July 21, 2020
Blunder: Hackthebox Walkthrough
Hey all! In this blog post, we’ll be walking through blunder from hackthebox. Blunder is an easy level linux machine. Summary The initial foothold on the box requires a bit of enumeration to find out the correct user who can login into CMS:- bludit. There is the file upload vulnerability on the cms that gets the initial shell on the box.…
June 8, 2020
Waldo: Hackthebox walkthrough
Waldo is a medium linux machine from hackthebox. The initial foothold on the box is based on understanding a bunch of .php files that leads to sensitive file read such as the ssh private key. Once inside the box, linux enumeration depicts that there is a docker running. The user of the docker needs to be guessed to get successful entry to…
June 7, 2020
Hackthebox: Resolute Walkthrough
Hey fellow hackers! The post will be guiding you on how to own resolute from Hackthebox. Resolute is an easy rated machine. The box has a very straightforward initial foothold. But owning the administrator is a bit tricky. It depicts another instance of an AD group membership privilege escalation. So let’s get started!! Run the nmap scan to retrieve all the open…
May 31, 2020
Jarvis: Hackthebox walkthrough
Hey all! This is Shreya Pohekar. This walkthrough will solve Jarvis from hackthebox. Jarvis is an easy linux machine. The initial foothold on the box is based on exploiting the sqli to gain creds of dbadmin. Phpmyadmin is accessible to the users and can be logged via the creds of dbadmin. The initial shell can be obtained by uploading a web shell…
May 26, 2020
Cache : Hackthebox Walkthrough
Cache is medium linux box. Initial foothold is based on CVE of openEMR and privlege escalation requires exploiting the docker group member.
May 17, 2020
Abusing SeImpersonatePrivilege on users to become SYSTEM
Hello Everyone! This is Shreya Pohekar. This is a follow-up blog from jeeves from hackthebox. Jeeves is a medium windows box. The writeup can be found out here. This blog post depicts yet another way to priv esc to Administrator. The pre-requisite is to have a user shell.When I ran a whoami /priv , It listed all the privileges the user has.…
May 8, 2020
Jeeves : Hackthebox walkthrough
Hey fellow Hackthebox users!! This is Shreya Pohekar. This blog post is gonna walk you through Jeeves that’s a medium windows machine. The initial foothold on the box is based upon the unauthenticated Remote code execution on the jenkins. The key is just to find the right direcotry to hit. Once inside the box, there is a keepass database stored somewhere. Decrypt…
May 7, 2020