Hey pentesters! In this post blog post, I am gonna walk you through canape that is a medium linux machine from hackthebox. Summary The initial foothold on the box is based on python pickle injection that leads to remote code execution. Privilege escalation to user exploits a vulnerability in couchdb that can be leveraged to create a dummy user with _admin role.…
Hey fellow hackers! The post will be guiding you on how to own resolute from Hackthebox. Resolute is an easy rated machine. The box has a very straightforward initial foothold. But owning the administrator is a bit tricky. It depicts another instance of an AD group membership privilege escalation. So let’s get started!! Run the nmap scan to retrieve all the open…
Hey everyone! This is shreya and the blog post covers the step by step guide to pwn secnotes from hackthebox. Secnotes is a medium windows machine. Initial foothold on the box is based on exploiting the sqli on the login page where we get the creds to access smb share. Since we have read.write access on the share, we will be exploiting…
Hey all! This is Shreya Pohekar. This walkthrough will solve Jarvis from hackthebox. Jarvis is an easy linux machine. The initial foothold on the box is based on exploiting the sqli to gain creds of dbadmin. Phpmyadmin is accessible to the users and can be logged via the creds of dbadmin. The initial shell can be obtained by uploading a web shell…