Driver is an Easy box from Hack the Box. The name gives you a very good idea of what you will encounter, but it’s still a fun box to do. It is an easy one, but the vulnerability is one that a lot of sysadmins know as “working late”.
The box Omni had a very unusual Operating System for HTB machines. It was a Windows 10 IoT machine, which was new for me. The foothold consisted of an exploit for this Operating System. For user and root, I used the same technique and grabbed reverse shells.
It was over a month ago that I last did a box on Hack The Box. So I chose one from the to-do list and that was Time. I have to say the box did not really satisfy me, but I did learn some new tricks on this medium Linux box.
This box is the first OpenBSD machine I have done on Hack The Box. As the name already tells, it has something to do with OpenSSH keys. The foothold was very interesting, root a bit easy for a medium box. Nevertheless, a great box.
This box really was compromised. Using some forensic skills you had to exploit the box using things the attacks left behind. In the end, there was some reverse engineering before the root flag could be grabbed. Truly a fun box to root.
This box has to be the toughest one I have done until now. Easy box? Hell no! With a current rating of 4.5, it is higher than most of the Medium level boxes. I started this one off with my brother in arms T13nn3s during a pizza and hack evening at work. Be sure to check out his blog.
The first thing that might come into your mind when seeing the machine name is a Buffer Overflow. If that is the case, you just guessed the procedure to obtain root on this machine. Using an exploit to gain a webshell on this Windows Server is the starting point of running the CloudMe Buffer Overflow attack for root.
Fuse was a box that felt realistic to me, since printer software often is a nice way into the company. You use the content and log information on the Papercut website to make a custom wordlist and grab root by exploiting the CAPCOM vulnerability.
Exploiting Tomcat, extracting a password from a zipped backup, and privilege escalation based on LXD/LXC on Linux. That is what Tabby was all about. An Easy Linux box with a good learning curve.
I have to say I really enjoyed this machine. Cache starts with finding some credentials, exploiting the OpenEMR web application and getting root by using a Docker GTFOBin. Cache really is a good educational box.