HackTheBox - Remote
0. Preface
This is one of the first write-ups I have written, as well as one of the first boxes I completed, so the write-up quality may not match the previous few write-ups on this site.
Pretty interesting box overall, nothing much to really write about here. Just some enumeration, some CVE exploits and that’s it.
In this box, we will be tackling:
- Mounting and enumerating NFS shares
- Exploiting Umbraco for RCE
- Privilege escalation using TeamViewer 7
VulnHub - GreenOptic 1
0. Preface
This box has tons of enumeration. Tons. Pretty interesting box in terms of what kind of enumeration and analysis you have to do, but honestly it’s nothing we haven’t seen before so far.
In this box, we will be tackling:
- Reading files using LFI
- DNS zone transfers
- Decoding some Base64
- Wireshark PCAP Analysis
HackTheBox - Quick
0. Preface
This box took a lot of time and a lot of tears. It definitely wasn’t quick at all.
After how hard the rest of the box is, root is pretty brainless in comparison. Also, if you’re still running ESIGate 5.2 and below (or really, anything that is vulnerable to ESI injection), please update it.
Gear up for the longest write-up I have written yet.
In this box, we will be tackling:
- HTTP/3
- Guessing email addresses to password spray
- ESI injection
- Quickly symlinking files
- Reading some log files to root