June 2024

HTB - Mentor

In this walkthrough, we will be going through the Mentor room from HackTheBox. This room is rated as Medium on the platform and it consists of enumeration of the SNMP service to get credentials for an API endpoint which is vulnerable to a blind command injection attack. For privilege escalation, the PostgreSQL service is exploited […]

HTB - Lame

In this walkthrough, we will be going through the Lame room from HackTheBox. This room is rated as Easy on the platform and it consists of exploitation of a vulnerable Samba version to get root. So, let’s get started without any delay. Machine Info: Title: Lame | IP address: 10.10.10.3 | Difficulty: Easy | OS: Linux | Description: Lame

HTB - Jeeves

In this walkthrough, we will be going through the Jeeves room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation of a running Jenkins application. For privilege escalation, we have to crack a KeePass DB to get the admin hash and capture the root flag by exposing it

HTB - Intentions

In this walkthrough, we will be going through the Intentions room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation by second-order SQL injection, followed by abusing an API endpoint to get admin access on the website which is vulnerable to RCE and thus provide the

HTB - Intelligence

In this walkthrough, we will be going through the Intelligence room from HackTheBox. This room is rated as Medium on the platform and it consists of password spraying of credentials captured from the internal PDF document. For privilege escalation, abuse of group managed service account privilege is used to perform a constrained delegation attack which

HTB - Forest

In this walkthrough, we will be going through the Forest room from HackTheBox. This room is rated as Easy on the platform and it consists of exploitation by AS-REP Roasting to get the initial foothold. For privilege escalation, the DCSync privilege was abused to get root. So, let’s get started without any delay. Machine Info:

HTB - Flight

In this walkthrough, we will be going through the Flight room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of LFI to capture a user NTLM hash in order to get a foothold on the system and, for privilege escalation, the DCSync privilege was abused to get root. So,

HTB - Escape

In this walkthrough, we will be going through the Escape room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation by capturing the MSSQL user NTLM hash to get the initial foothold. For privilege escalation, ESC1 vulnerability exploitation is required to obtain a valid certificate for the

HTB - Cereal

In this walkthrough, we will be going through the Cereal room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of deserialization and XSS vulnerabilities to get a foothold on the system and, for privilege escalation, SeImpersonatePrivilege was abused to get root. So, let’s get started without

HTB - Cerberus

In this walkthrough, we will be going through the Cerberus room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of an RCE in the Icinga web application and abuse of the Firejail SUID binary to perform a container breakout. For privilege escalation, Kerberos was exploited with a known
