-
Gofer – Hack The Box
This box posed some challenges I had not faced before, from building “malicious” macros that would execute upon opening a document, to reverse engineering a binary application’s functionality through Ghidra in order to escalate privileges. The box began with a few interesting open ports, among which was port 25, or SMTP, port 80, and 139/445…
-
Authority – Hack The Box
This was my first medium Windows machine from HTB. It was an absolute gem to learn from as I was exposed to some Windows AD Certificate Service privilege escalation towards the end which I learned most from. Nevertheless, the beginning was quite enjoyable as well. Starting from an SMB PWM share information gathering, and moving…
-
Protected: Sau – Hack The Box
There is no excerpt because this is a protected post.
-
Intentions – Hack The Box
This was one of, if not the, most challenging boxes I’ve done up to now. The initial foothold involved discovering a second-order SQLi vulnerability that would allow for the dumping of the databases and the tables of the backend MariaDB database. Therein lay the hash for the admin with whom I had to authenticate by…
-
Pilgrimage – Hack The Box
This second box from the newly released season was focused on a couple of CVEs. First, the image upload vulnerability by ImageMagick (CVE-2022-44268) which allowed for an LFI when uploading maliciously crafted image files, allowed me to obtain the user flag. I discovered this by taking advantage of the GitDump tool which revealed all the…
-
Sandworm – Hack The Box
This box was highly interesting in that it initially explored the topic of asymmetric keys, PGP, and SSTI to break out of the web page and obtain a reverse shell. From there, I was presented with a “jail” or, rather, a sandboxed environment from which I had to escape by finding the credentials of the…
-
OnlyForYou – Hack The Box
This box provided a great learning curve in that it exposed me to a new piece of vulnerable Python code with which the web app was built, in particular, a section that I eventually found out could be injected. I leveraged that to obtain a foothold in the machine and then performed lateral movement on…
-
Jupiter – Hack The Box
This box was very interesting in that it opened a pathway to a SQLi within the web app’s specific section that I captured through Burp Suite. Taking advantage of that, as well as understanding what to look for, I found that the specific PostgreSQL version was vulnerable to command execution through the use of the COPY…
-
Bagel – Hack The Box
This active Medium box entailed quite the difficulty in obtaining the initial foothold which required extensive research on how to break into. The initial phases of obtaining a foothold required taking advantage of an LFI vulnerability in the /?page= parameter. From there, leaking the necessary information to extract a .dll file was the next step,…
-
Busqueda – Hack The Box
This active box was quite interesting to delve into as it taught me to explore repositories’ pull requests further than I had been used to. This newly acquired skill allowed me to see each and every version update and why it had occurred. I learned to see why a certain functionality was deprecated due to…