Category Listing for 'Hackthebox'


Solidstate linux [ hackthebox ]

Powning a James administration with default credentials
linux, CVE-2015-7611, james, james-server, pop3, oscp-like

Devel [ hackthebox ]

A windows 7 machine vulnerable to JuicyPotato (for x86 architecture)
windows, IIS7, IIS, x86, seImpersonatePrivilege, JuicyPotatox86

Resolute windows [ hackthebox ]

Abusing DNSAdmins privilege for escalation in Active Directory
windows, dnscmd, dnsadmins, DC, active-directory

Return windows [ hackthebox ]

Using SeBackupPrivilege to read files
windows, SeBackupPrivilege, printer

Granny Windows [ hackthebox ]

Webdav allow us to upload a reverse shell and churrasco help us for the priv esc
windows, churrasco, webdav, cadaver, davtest, x86, windows-2003

Trick linux [ hackthebox ]

Abusing fail2ban to escalate privileges
linux, nslookup, dns, lfi, fail2ban, dotdotpwn

Enterprise linux [ hackthebox ]

Attacking joomla/wordpress then escaping Docker
linux, wordpress-4.8.1, wordpress, cmsmap, wpscan, hydra, ltrace, joomla

Friendzone linux [ hackthebox ]

Snooping into processes without need for root permissions to then exploit python misconfiguration
linux, dig, host, python, pspy

Late linux [ hackthebox ]

SSTI into the machine then abusing a misconfigured ssh script
linux, flask, SSTI, server-side-template-injection, template, injection, template-injection

Htb Heist Windows [ hackthebox ]

Dumping processes to then retrieve logged passwords
windows, rid-brute, crackmapexec, sysinternal, procdump, grep, firefox

Postman linux [ hackthebox ]

Redis misconfiguration allowing SSH key creation
linux, webmin, webmin-1.910, 1910, redis, redis-409, redis-ssh, ssh2john

Haircut linux [ hackthebox ]

Using curl to write files then Screen for Privilege escalation
linux, strpos, strpos-bypass, screen, screen-4.5, curl, command, injection

Cronos linux [ hackthebox ]

In the server viabasic attacks to then compromise a laravel application
linux, weevely, command-injection, laravel, php, domain-enumeration, gobuster-dns, gobuster-vhost, sqli

Devoops linux [ hackthebox ]

Exploiting XXE vulnerability on Gunicorn server
linux, xml, xxe, git, XML-External-Entity

Htb Knife Linux [ hackthebox ]

Exploiting a vulnerability for PHP/8.1.0-dev
linux