In this machine, I had to exploit a known vulnerability in exiftool, find a password in some logs, and finally reverse a program to find how to exploit it.
Room: Investigation
Difficulty: Med...
This was a really fun box. I had to exploit two LFI vulnerabilities and PHP filters to get a foothold. Then exploit git configuration and systemd to escalate my privileges.
Room: Encoding
Dif...
In this box, I had to exploit an LFI, a vulnerable token generation, and a serialization vulnerability to get to a shell. Then I had to crack a hashed password, and finally, get code execution in a...
This machine took me a long time to own because I failed at basic enumeration. Most of the work to do this box was in finding the passwords lying around.
Room: Mentor
Difficulty: Medium
UR...
This was a difficult box for me. I had to exploit a web application to get Remote Code Execution, find the user's password in a notes file, then exploit the same application a second time to get r...
In this easy box, I had to exploit a web application that allowed reformatting images to get remote code execution. Then I got root by exploiting a cleanup script with too many permissions.
Roo...
This was a really fun box where I had to use multiple vulnerabilities. There was a Local File Inclusion (LFI), credentials stored in clear, misconfiguration, and a Git repository with a token in it...
It took me a long time to get a foothold on that machine. But once I was in, getting the user and root was very easy.
Room: UpDown
Difficulty: Medium
URL: https://app.hackthebox.com/machine...
I had a hard time getting my initial access to this box. It required playing with Mongo Injection. And multiple enumerations of subdomains. Once on the box, getting root was quick. A reversing of a...
This was a difficult, but fun machine. It came out as an easy machine before being reclassified as medium. It took me a long time before I finally pwned it.
It started with using a web application...