This box has to be the toughest one I have done until now. Easy box? Hell no! With a current rating of 4.5, it is higher than most of the Medium level boxes. I started this one off with my brother in arms T13nn3s during a pizza and hack evening at work. Be sure to check out his blog.
Monthly Archives: November 2020
Hack The Box Writeup: Buff (10.10.10.198)
The first thing that might come into your mind when seeing the machine name, is a Buffer Overflow. If that is the case, you just guessed the procedure to obtain root on this machine. Using an exploit to gain a webshell on this Windows Server is the startingpoint of running the CloudMe Buffer Overflow attack for root.
Hack The Box Writeup: Fuse
Fuse was a box that felt realistic to me since printer software often is a nice way into the company. Using the content and log information on the Papercut website to make a custom wordlist and grab root by exploiting the CAPCOM vulnerability.
Hack The Box Writeup: Tabby
Exploiting Tomcat, extraction a password from a zipped backup, and privilege escalation based on LXD/LXC on Linux. That is what Tabby was all about. An Easy Linux box with good learning curve.
Hack The Box Writeup: Cache
I have to say I really enjoyed this machine. Cache starts with finding soms credentials, exploiting the OpenEMR webapplication and getting root by using a Docker GTFOBin. Cache really is a good educational box.
Continue reading