-
Protected: Manager – Hack The Box
There is no excerpt because this is a protected post.
-
Drive – Hack The Box
This hard box began with a simple website that offered Google Drive-like capabilities. One could register, log in and upload files. The vulnerability stemmed from the block/reserve capability offered by the site in order to make files “private” to a particular group. Every file had an id, and performing a fuzz at the endpoint of that…
-
Protected: Visual – Hack The Box
There is no excerpt because this is a protected post.
-
Clicker – Hack The Box
This medium box was quite challenging but fun nonetheless. I’d say that it was in the higher-end medium category because of the uniqueness of the challenges for such a box level, alongside the research for each bit involved. The unpacking of this box began with a visible NFS mount that I could mount to my…
-
Cybermonday – Hack The Box
I’ve never been as challenged by a machine as by this one. Although it is rated as hard, it’s very much an insane-like one in the number of steps and rigmarole to go through to overcome every roadblock along the way to achieve even the smallest progress in order to move forward. The…
-
Protected: CozyHosting – Hack The Box
There is no excerpt because this is a protected post.
-
Protected: Zipping – Hack The Box
There is no excerpt because this is a protected post.
-
Keeper – Hack The Box
This box was pretty straightforward. It involved accessing the web app’s root panel by guessing the default password. From there, finding a different set of credentials led to discovering that those belonged to a user, which I SSH’d into. Little enumeration was necessary as there was a zip file that, when unzipped, created two separate…
-
Download – Hack The Box
This box was quite tricky in that it involved some very unusual exploitation methods in order to reveal the initial information for a foothold. Revealing any sort of information required spotting the right location within the web app where encoded LFI unveiled an interesting package.json file (a default file for Node.js apps – a programming…