June 2024

PG - Astronaut

In this walkthrough, we will go through the Astronaut room from Proving Grounds. This room is rated Easy on the platform and consists of exploiting CVE-2021-21425 in Grav CMS to get an initial foothold, then abusing an unknown SUID binary to get root. So, let’s get started without any […]

PG - Amaterasu

In this walkthrough, we will go through the Amaterasu room from Proving Grounds. This room is rated Easy on the platform and consists of exploiting a Python file server API to get initial access. For privilege escalation, path hijacking is required to get root. So, let’s get started without any

PG - Algernon

In this walkthrough, we will go through the Algernon room from Proving Grounds. This room is rated Easy on the platform and consists of a SmarterMail RCE to get root. So, let’s get started without any delay. Machine Info: Title: Algernon; IP address: 192.168.166.65; Difficulty: Easy; OS: Windows; Description: Algernon is an Easy

PG - Access

In this walkthrough, we will go through the Access room from Proving Grounds. This room is rated Intermediate on the platform and consists of a new technique to bypass extension filtering in upload functionality to get an initial foothold. For lateral movement, Kerberoasting of a target account is required and privilege

HTB - UpDown

In this walkthrough, we will go through the UpDown room from HackTheBox. This room is rated Medium on the platform and consists of initial access by enumerating the .git directory and using the phar filter to achieve remote code execution. For privilege escalation, the easy_install binary has to be abused using a malicious Python

HTB - Support

In this walkthrough, we will go through the Support room from HackTheBox. This room is rated Easy on the platform and consists of enumeration of an SMB share to get an executable file. After that, reverse engineering is required to get the password that the binary uses to bind to the LDAP server,

HTB - Soccer

In this walkthrough, we will go through the Soccer room from HackTheBox. This room is rated Easy on the platform and consists of exploiting CVE-2021-45010 in Tiny File Manager to get the initial foothold. Then lateral movement is done via SQL injection, and finally the doas binary is abused to

HTB - ServMon

In this walkthrough, we will go through the ServMon room from HackTheBox. This room is rated Easy on the platform and consists of LFI exploitation in an NVMS-1000 instance to get the initial foothold. For privilege escalation, the installed NSClient++ is abused to run scripts in the context of NT AUTHORITY. So, let’s get started

HTB - Pandora

In this walkthrough, we will go through the Pandora room from HackTheBox. This room is rated Easy on the platform and consists of enumeration of the SNMP service, which reveals creds for the initial foothold. For lateral movement, Pandora CMS exploitation is required, and exploitation of a SUID binary makes us root. So, let’s

HTB - Multimaster

In this walkthrough, we will go through the Multimaster room from HackTheBox. This room is rated Insane on the platform and consists of SQL injection exploitation to get the initial foothold. Then, a vulnerable VS Code installation is abused to move laterally, and at last abuse of Generic
