-
Templated – HTB
This was not a box, but a challenge present in Hack The Box’s challenges section called Templated. This challenge tackled the SSTI vulnerability which I exploited in BurpSuite in order to capture the flag. SSTI Injection: Server-Side Template Injection (SSTI) is a vulnerability that affects web applications that use template engines, such as Flask and…
-
PC – Hack The Box
This newly released box was particularly interesting as it involved getting my hands dirty with gRPC, Google’s Remote Procedure Calls framework, as well as some local port forwarding. Nmap didn’t reveal much on what port 50051 was but eventually I found out it was gRPC. I then learned how to connect to it, as well…
-
Format – Hack The Box
This box topped off the previous medium I had completed in terms of difficulty despite the level being marked as medium. I was exposed to a variety of unexpected pathways which allowed me to eventually get to root. To begin with, and what mattered most, was to read the source code which revealed plenty of…
-
Agile – Hack The Box
This box was, by far, the most challenging and the one I had learned the most from on a single machine. This box began with a simple website that turned out to be a password manager. Upon going to the login section I was prompted with a login page and I was also given the option to…
-
MonitorsTwo – Hack The Box
This box was great fun as it exposed me to two new ways to achieve a foothold and escalate privileges on two separate instances, where the first was a container and the latter was the real machine containing both flags. In the beginning, I was met with a webpage with nothing much of interest for…
-
MetaTwo – Hack The Box
This box really beat me with a stick, but helped me learn a lot of things as it was on the hard side of the ‘easy’ boxes! The box involved taking advantage of a vulnerable plugin called BookingPress through a POC on GitHub. After running that through Python, I managed to extract a privileged user’s…
-
Inject – Hack The Box
This box was by far one of the trickiest to get a foothold on for me. Marked as easy when, in fact, it is considered a Medium by most, this box’s initial vulnerability consisted of exploiting the readability through LFI by using BurpSuite. This allowed for some directory and file scouting as everything…
-
Stocker – Hack The Box
This box involved enumerating the login page which needed to be exploited through a NoSQL injection to bypass the login. After that, I needed to capture the request that checked out the cart with the items I had selected that were on the /stock page. Intercepting that request led me to see that I could…
-
Precious – Hack The Box
This box’s initial pathway access was centered around taking advantage of the input field that converted web pages to PDFs. It consisted of understanding the version of the service used to convert the web pages to PDFs and finding a reverse shell for them. There are a couple of ways I found out to obtain…
-
SteamCloud – Hack The Box
This was one enjoyable retired box that was mostly based on Kubernetes and the ways that it could be exploited through the mounting of pods and containers by using the Kubectl and Kubeletctl CLI commands. SteamCloud exposes a couple of Kubernetes-related ports but with no way to authenticate to them, it proved hard to communicate…