MonitorsTwo hackthebox writeup
Easy linux machine in which we hack cacti with a CVE, get credentials from a SQL database, and exploit a docker CVE to escalate privileges
Posts by Tag
- hackthebox 24
- fuzzing 7
- vulnhub 6
- MySQL 5
- wordpress 5
- bash scripting 5
- PATH 4
- git 4
- flask 4
- SQL injection 4
- LFI 4
- RCE 4
- port forwarding 3
- bruteforcing 3
- tryhackme 3
- cron 3
- docker 3
- code review 2
- JWT 2
- gitea 2
- mpdf 2
- capabilities 2
- gdb 2
- ftp 2
- log poisoning 2
- sudo 2
- SUID 2
- reverse engineering 2
- CVE 2
- strapi 1
- polkit 1
- code revision 1
- ipython 1
- redis 1
- bruteforce 1
- ctf 1
- picoctf 1
- LD_PRELOAD 1
- mongodb 1
- uploading files 1
- real life 1
- java 1
- NoSQL 1
- challenge 1
- websocket 1
- doas 1
- NoSQL injection 1
- XSS 1
- grafana 1
- consul 1
- ansible 1
- gRPC 1
- pyload 1
hackthebox
MonitorsTwo hackthebox writeup
PC hackthebox writeup
Easy linux machine in which we hack gRPC via SQL injection and escalate privileges thanks to a pyload CVE
Busqueda hackthebox writeup
Easy linux machine in which we exploit a known vulnerability,find plaintext credentials, and abuse a relative path
Inject hackthebox writeup
Easy linux machine in which we exploit a CVE found plaintext credentials adn privesc with ansible
Agile hackthebox writeup
Medium linux machine in which we get LFI forge our own flask token, exploit Chrome in debug mode and use a sudo CVE to privesc
Ambassador hackthebox writeup
Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root
Stocker hackthebox writeup
Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration
Soccer hackthebox writeup
Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat
Impossible Password hackthebox writeup
Simple yet didactic reverse engineering challenge
Precious hackthebox writeup
Really easy linux machine in which we exploit a pdfkit RCE, find plaintext credentials and escalate thanks to a .yaml file
Metatwo hackthebox writeup
Easy linux machine in which we exploit a couple wordpress vulneravilties and crack a couple hashes
Shoppy hackthebox writeup
Easy linux machine in which we inject NoSQL code, crack a password, reverse engineer a binary and escalate through docker
Photobomb hackthebox writeup
Easy linux machine in which we find exposed credentials, exploit a RCE and privilege escalate with PATH manipulation
What I’ve learned in 3 months of hacking
In this article I will share my experience of learning some hacking during my 3 months of summer vacation and criticly analyze if I took the right path. Then I will try and give my best advice.
Noter HTB writeup
Medium linux machine in which we exploit flask-JWT we create a Bash script, exploit a RCE and get root with MySQL
Shared HTB writeup
Medium linux machine in which we use SQL injection, exploit ipython and redis
Faculty HTB writeup
Medium linux machine in which we exploit mpdf with a bash script and escalate with gdb thanks to a capability
Trick HTB writeup
Easy linux machine in which we enumerate dns, fuzz subdomains, exploit and LFI, and exploit fail2ban
Opensource HTB writeup
Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file
Late HTB writeup
Easy linux machine in which we exploit flask and edit a script that gets executed by root
Paper HTB writeup
Easy linux machine in which we exploit an old wordpress version and the polkit exploit
Horizontall HTB writeup
Easy linux machine in which we exploit strapi and forward a lavarel port to exploit it
Secret HTB writeup
Easy linux machine in which we hack a JWT, take advatage of the exec function and read files with a SUID binary
Previse HTB writeup
Easy linux machine in which we take advantage of the exec function, crack a hash and manipulate the $PATH
fuzzing
Stocker hackthebox writeup
Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration
Soccer hackthebox writeup
Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat
Shoppy hackthebox writeup
Easy linux machine in which we inject NoSQL code, crack a password, reverse engineer a binary and escalate through docker
Photobomb hackthebox writeup
Easy linux machine in which we find exposed credentials, exploit a RCE and privilege escalate with PATH manipulation
Dobby vulnhub writeup
Very easy linux machine in which we bruteforce credentials and exploit a SUID binary
Jangow:1.0.1 vulnhub writeup
Easy linux machine in which we exploit a RCE and an old linux version
Mr.robot vulnhub writeup
Easy linux machine in which we bruteforce credentials and abuse a SUID binary
vulnhub
Death note vulnhub writeup
Very easy linux machine in which we upload a malicious php plugin to wordpress, bruteforce a user’s password and find unexpected files in the system
What I’ve learned in 3 months of hacking
In this article I will share my experience of learning some hacking during my 3 months of summer vacation and criticly analyze if I took the right path. Then I will try and give my best advice.
Bellatrix vulnhub writeup
Very easy linux machine in which we exploit a LFI to get RCE and abuse a SUID binary
Dobby vulnhub writeup
Very easy linux machine in which we bruteforce credentials and exploit a SUID binary
Jangow:1.0.1 vulnhub writeup
Easy linux machine in which we exploit a RCE and an old linux version
Mr.robot vulnhub writeup
Easy linux machine in which we bruteforce credentials and abuse a SUID binary
MySQL
MonitorsTwo hackthebox writeup
Easy linux machine in which we hack cacti with a CVE, get credentials from a SQL database, and exploit a docker CVE to escalate privileges
Ambassador hackthebox writeup
Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root
Soccer hackthebox writeup
Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat
Noter HTB writeup
Medium linux machine in which we exploit flask-JWT we create a Bash script, exploit a RCE and get root with MySQL
Previse HTB writeup
Easy linux machine in which we take advantage of the exec function, crack a hash and manipulate the $PATH
wordpress
Metatwo hackthebox writeup
Easy linux machine in which we exploit a couple wordpress vulneravilties and crack a couple hashes
Death note vulnhub writeup
Very easy linux machine in which we upload a malicious php plugin to wordpress, bruteforce a user’s password and find unexpected files in the system
Dobby vulnhub writeup
Very easy linux machine in which we bruteforce credentials and exploit a SUID binary
Mr.robot vulnhub writeup
Easy linux machine in which we bruteforce credentials and abuse a SUID binary
Paper HTB writeup
Easy linux machine in which we exploit an old wordpress version and the polkit exploit
bash scripting
Death note vulnhub writeup
Very easy linux machine in which we upload a malicious php plugin to wordpress, bruteforce a user’s password and find unexpected files in the system
Jangow:1.0.1 vulnhub writeup
Easy linux machine in which we exploit a RCE and an old linux version
Noter HTB writeup
Medium linux machine in which we exploit flask-JWT we create a Bash script, exploit a RCE and get root with MySQL
Faculty HTB writeup
Medium linux machine in which we exploit mpdf with a bash script and escalate with gdb thanks to a capability
Trick HTB writeup
Easy linux machine in which we enumerate dns, fuzz subdomains, exploit and LFI, and exploit fail2ban
PATH
Photobomb hackthebox writeup
Easy linux machine in which we find exposed credentials, exploit a RCE and privilege escalate with PATH manipulation
Archangel tryhackme writeup
Easy linux machine in which we exploit and LFI, poison logs to get RCE, and escalate with both crontab and $PATH
Late HTB writeup
Easy linux machine in which we exploit flask and edit a script that gets executed by root
Previse HTB writeup
Easy linux machine in which we take advantage of the exec function, crack a hash and manipulate the $PATH
git
Busqueda hackthebox writeup
Easy linux machine in which we exploit a known vulnerability,find plaintext credentials, and abuse a relative path
Ambassador hackthebox writeup
Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root
Opensource HTB writeup
Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file
Secret HTB writeup
Easy linux machine in which we hack a JWT, take advatage of the exec function and read files with a SUID binary
flask
Agile hackthebox writeup
Medium linux machine in which we get LFI forge our own flask token, exploit Chrome in debug mode and use a sudo CVE to privesc
Noter HTB writeup
Medium linux machine in which we exploit flask-JWT we create a Bash script, exploit a RCE and get root with MySQL
Opensource HTB writeup
Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file
Late HTB writeup
Easy linux machine in which we exploit flask and edit a script that gets executed by root
SQL injection
PC hackthebox writeup
Easy linux machine in which we hack gRPC via SQL injection and escalate privileges thanks to a pyload CVE
Soccer hackthebox writeup
Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat
Metatwo hackthebox writeup
Easy linux machine in which we exploit a couple wordpress vulneravilties and crack a couple hashes
Shared HTB writeup
Medium linux machine in which we use SQL injection, exploit ipython and redis
LFI
Inject hackthebox writeup
Easy linux machine in which we exploit a CVE found plaintext credentials adn privesc with ansible
Agile hackthebox writeup
Medium linux machine in which we get LFI forge our own flask token, exploit Chrome in debug mode and use a sudo CVE to privesc
Stocker hackthebox writeup
Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration
Archangel tryhackme writeup
Easy linux machine in which we exploit and LFI, poison logs to get RCE, and escalate with both crontab and $PATH
RCE
Busqueda hackthebox writeup
Easy linux machine in which we exploit a known vulnerability,find plaintext credentials, and abuse a relative path
Inject hackthebox writeup
Easy linux machine in which we exploit a CVE found plaintext credentials adn privesc with ansible
Precious hackthebox writeup
Really easy linux machine in which we exploit a pdfkit RCE, find plaintext credentials and escalate thanks to a .yaml file
Photobomb hackthebox writeup
Easy linux machine in which we find exposed credentials, exploit a RCE and privilege escalate with PATH manipulation
port forwarding
Ambassador hackthebox writeup
Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root
Opensource HTB writeup
Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file
Horizontall HTB writeup
Easy linux machine in which we exploit strapi and forward a lavarel port to exploit it
bruteforcing
Death note vulnhub writeup
Very easy linux machine in which we upload a malicious php plugin to wordpress, bruteforce a user’s password and find unexpected files in the system
Bellatrix vulnhub writeup
Very easy linux machine in which we exploit a LFI to get RCE and abuse a SUID binary
Dobby vulnhub writeup
Very easy linux machine in which we bruteforce credentials and exploit a SUID binary
tryhackme
Archangel tryhackme writeup
Easy linux machine in which we exploit and LFI, poison logs to get RCE, and escalate with both crontab and $PATH
Road tryhackme writeup
Medium linux machine in which we exploit a non-secure change password functionality, upload malicious files, interact with mongodb and exploit insecure LD_PRELOAD
What I’ve learned in 3 months of hacking
In this article I will share my experience of learning some hacking during my 3 months of summer vacation and criticly analyze if I took the right path. Then I will try and give my best advice.
cron
Inject hackthebox writeup
Easy linux machine in which we exploit a CVE found plaintext credentials adn privesc with ansible
Agile hackthebox writeup
Medium linux machine in which we get LFI forge our own flask token, exploit Chrome in debug mode and use a sudo CVE to privesc
Archangel tryhackme writeup
Easy linux machine in which we exploit and LFI, poison logs to get RCE, and escalate with both crontab and $PATH
docker
MonitorsTwo hackthebox writeup
Easy linux machine in which we hack cacti with a CVE, get credentials from a SQL database, and exploit a docker CVE to escalate privileges
Busqueda hackthebox writeup
Easy linux machine in which we exploit a known vulnerability,find plaintext credentials, and abuse a relative path
Shoppy hackthebox writeup
Easy linux machine in which we inject NoSQL code, crack a password, reverse engineer a binary and escalate through docker
code review
Secret HTB writeup
Easy linux machine in which we hack a JWT, take advatage of the exec function and read files with a SUID binary
Previse HTB writeup
Easy linux machine in which we take advantage of the exec function, crack a hash and manipulate the $PATH
JWT
Noter HTB writeup
Medium linux machine in which we exploit flask-JWT we create a Bash script, exploit a RCE and get root with MySQL
Secret HTB writeup
Easy linux machine in which we hack a JWT, take advatage of the exec function and read files with a SUID binary
gitea
Busqueda hackthebox writeup
Easy linux machine in which we exploit a known vulnerability,find plaintext credentials, and abuse a relative path
Opensource HTB writeup
Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file
mpdf
Faculty HTB writeup
Medium linux machine in which we exploit mpdf with a bash script and escalate with gdb thanks to a capability
Trick HTB writeup
Easy linux machine in which we enumerate dns, fuzz subdomains, exploit and LFI, and exploit fail2ban
capabilities
Faculty HTB writeup
Medium linux machine in which we exploit mpdf with a bash script and escalate with gdb thanks to a capability
Trick HTB writeup
Easy linux machine in which we enumerate dns, fuzz subdomains, exploit and LFI, and exploit fail2ban
gdb
Faculty HTB writeup
Medium linux machine in which we exploit mpdf with a bash script and escalate with gdb thanks to a capability
Trick HTB writeup
Easy linux machine in which we enumerate dns, fuzz subdomains, exploit and LFI, and exploit fail2ban
ftp
Metatwo hackthebox writeup
Easy linux machine in which we exploit a couple wordpress vulneravilties and crack a couple hashes
Jangow:1.0.1 vulnhub writeup
Easy linux machine in which we exploit a RCE and an old linux version
log poisoning
Archangel tryhackme writeup
Easy linux machine in which we exploit and LFI, poison logs to get RCE, and escalate with both crontab and $PATH
Bellatrix vulnhub writeup
Very easy linux machine in which we exploit a LFI to get RCE and abuse a SUID binary
sudo
Stocker hackthebox writeup
Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration
How to Privesc with java sudo/SUID
Short post in which I explain how to use java with sudo or with the SUID bit to privilege escalate
SUID
MonitorsTwo hackthebox writeup
Easy linux machine in which we hack cacti with a CVE, get credentials from a SQL database, and exploit a docker CVE to escalate privileges
How to Privesc with java sudo/SUID
Short post in which I explain how to use java with sudo or with the SUID bit to privilege escalate
reverse engineering
Impossible Password hackthebox writeup
Simple yet didactic reverse engineering challenge
Shoppy hackthebox writeup
Easy linux machine in which we inject NoSQL code, crack a password, reverse engineer a binary and escalate through docker
CVE
MonitorsTwo hackthebox writeup
Easy linux machine in which we hack cacti with a CVE, get credentials from a SQL database, and exploit a docker CVE to escalate privileges
PC hackthebox writeup
Easy linux machine in which we hack gRPC via SQL injection and escalate privileges thanks to a pyload CVE
strapi
Horizontall HTB writeup
Easy linux machine in which we exploit strapi and forward a lavarel port to exploit it
polkit
Paper HTB writeup
Easy linux machine in which we exploit an old wordpress version and the polkit exploit
code revision
Opensource HTB writeup
Easy linux machine in which we overwrite the app code with a malicious file name and changed a .githooks file
ipython
Shared HTB writeup
Medium linux machine in which we use SQL injection, exploit ipython and redis
redis
Shared HTB writeup
Medium linux machine in which we use SQL injection, exploit ipython and redis
bruteforce
Mr.robot vulnhub writeup
Easy linux machine in which we bruteforce credentials and abuse a SUID binary
ctf
What I’ve learned in 3 months of hacking
In this article I will share my experience of learning some hacking during my 3 months of summer vacation and criticly analyze if I took the right path. Then I will try and give my best advice.
picoctf
What I’ve learned in 3 months of hacking
In this article I will share my experience of learning some hacking during my 3 months of summer vacation and criticly analyze if I took the right path. Then I will try and give my best advice.
LD_PRELOAD
Road tryhackme writeup
Medium linux machine in which we exploit a non-secure change password functionality, upload malicious files, interact with mongodb and exploit insecure LD_PRELOAD
mongodb
Road tryhackme writeup
Medium linux machine in which we exploit a non-secure change password functionality, upload malicious files, interact with mongodb and exploit insecure LD_PRELOAD
uploading files
Road tryhackme writeup
Medium linux machine in which we exploit a non-secure change password functionality, upload malicious files, interact with mongodb and exploit insecure LD_PRELOAD
real life
How to Privesc with java sudo/SUID
Short post in which I explain how to use java with sudo or with the SUID bit to privilege escalate
java
How to Privesc with java sudo/SUID
Short post in which I explain how to use java with sudo or with the SUID bit to privilege escalate
NoSQL
Shoppy hackthebox writeup
Easy linux machine in which we inject NoSQL code, crack a password, reverse engineer a binary and escalate through docker
challenge
Impossible Password hackthebox writeup
Simple yet didactic reverse engineering challenge
websocket
Soccer hackthebox writeup
Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat
doas
Soccer hackthebox writeup
Easy linux machine in which we upload malicious files, we do a sqli in a websocket and privesc thanks to doas and dstat
NoSQL injection
Stocker hackthebox writeup
Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration
XSS
Stocker hackthebox writeup
Easy linux machine in which we find a subdomain, bypass a login, get LFI thanks to XSS and escalate privileges via missconfiguration
grafana
Ambassador hackthebox writeup
Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root
consul
Ambassador hackthebox writeup
Medium linux machine in which we exploit a CVE get credentials to a MySQL db then get ssh credentials and lastly find a consul token in a git repository to get root
ansible
Inject hackthebox writeup
Easy linux machine in which we exploit a CVE found plaintext credentials adn privesc with ansible
gRPC
PC hackthebox writeup
Easy linux machine in which we hack gRPC via SQL injection and escalate privileges thanks to a pyload CVE
pyload
PC hackthebox writeup
Easy linux machine in which we hack gRPC via SQL injection and escalate privileges thanks to a pyload CVE