Driver is an Easy box from Hack the Box. The name gives you a very good idea of what you will encounter, but it’s still a fun box to do. It is an easy one, but the vulnerability is one that a lot of sysadmins know as “working late”.
Category Archives: Writeups
Hunting down Microsoft Exchange 0-day
On the 2nd of March 2021, our security team got a notification from Microsoft that it would release out-of-band security updates for Microsoft Exchange Server. After gathering more information, it turned out that there were four disclosed zero-day vulnerabilities affecting Microsoft Exchange Server on-premises; Exchange Online users are not affected. These zero-day vulnerabilities are known as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. In this article, we (d0p4m1n3, T13nn3s and Erik) want to take you through the story of how our security team went to work to prevent the exploitation of these vulnerabilities, and how we found a post-exploitation backdoor that a threat actor had installed on an Exchange server.
Hack The Box Writeup: Omni (10.10.10.204)
The box Omni had a very unusual operating system for an HTB machine: it was a Windows 10 IoT Core machine, which was new for me. The foothold consisted of an exploit for this operating system. For user and root, I used the same technique and grabbed reverse shells.
Hack The Box Writeup: Time
It was over a month ago that I last did a box on Hack The Box, so I chose one from the to-do list, and that was Time. I have to say the box did not really satisfy me, but I did learn some new tricks on this medium Linux box.
Hack The Box Writeup: OpenKeyS
This box is the first OpenBSD machine I have done on Hack The Box. As the name already suggests, it has something to do with OpenSSH keys. The foothold was very interesting; root was a bit easy for a medium box. Nevertheless, a great box.
Hack The Box Writeup: Compromised (10.10.10.207)
This box really was compromised. Using some forensic skills, you had to exploit the box using things the attackers left behind. In the end, there was some reverse engineering before the root flag could be grabbed. Truly a fun box to root.
Hack The Box Writeup: Laboratory (10.10.10.216)
This box has to be the toughest one I have done until now. Easy box? Hell no! With a current rating of 4.5, it is higher than most of the Medium level boxes. I started this one off with my brother in arms T13nn3s during a pizza and hack evening at work. Be sure to check out his blog.
Hack The Box Writeup: Buff (10.10.10.198)
The first thing that might come to mind when seeing the machine name is a buffer overflow. If that is the case, you just guessed the procedure to obtain root on this machine. Using an exploit to gain a webshell on this Windows server is the starting point for running the CloudMe buffer overflow attack for root.
Hack The Box Writeup: Fuse
Fuse was a box that felt realistic to me, since printer software is often a nice way into a company. I used the content and log information on the Papercut website to build a custom wordlist, and grabbed root by exploiting the CAPCOM vulnerability.
Hack The Box Writeup: Tabby
Exploiting Tomcat, extracting a password from a zipped backup, and privilege escalation based on LXD/LXC on Linux: that is what Tabby was all about. An easy Linux box with a good learning curve.