In this walk through, we will be going through the Pandora room from HackTheBox. This room is rated as Easy on the platform and it consists of enumeration of SNMP service that reveal creds for initial foothold. For lateral movement, Pandora CMS exploitation is required and exploitation of SUID binary makes us root. So, let’s […]
In this walk through, we will be going through the Multimaster room from HackTheBox. This room is rated as Insane on the platform and it consists of SQL Injection exploitation to get the initial foothold. Then, for the lateral movement vulnerable VS code installation was abused to move laterally and at last abuse of Generic
In this walk through, we will be going through the Mentor room from HackTheBox. This room is rated as Medium on the platform and it consists of enumeration of SNMP service to get credentials for an API endpoint which is vulnerable to a blind command injection attack. For privilege escalation , postgresql service is exploited
In this walk through, we will be going through the Lame room from HackTheBox. This room is rated as easy on the platform and it consists of exploitation of a vulnerable Samba version to get root. So, let’s get started without any delay. Machine Info: Title Lame IPaddress 10.10.10.3 Difficulty Easy OS Linux Description Lame
In this walk through, we will be going through the Jeeves room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation of running Jenkins application. For privilege escalation, we have to crack a Keepass DB to get the admin hash and captured the root flag by exposing it
In this walk through, we will be going through the Intentions room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation by second-order SQL Injection, followed by abusing an API end point to get admin access on the website which is vulnerable to RCE and thus provide the
In this walk through, we will be going through the Intelligence room from HackTheBox. This room is rated as Medium on the platform and it consists of password spraying of credentials captured from the internal PDF document. For privilege escalation, abuse of group managed service account privilege is used to perform constrained delegation attack which
In this walk through, we will be going through the Forest room from HackTheBox. This room is rated as Easy on the platform and it consists of exploitation by AsREProasting to get the initial foothold. For privilege escalation, DC Sync privilege was abused to get root. So, let’s get started without any delay. Machine Info:
In this walk through, we will be going through the Flight room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of LFI to capture user NTLM hash in order to get foothold on the system and for privilege escalation, DCSync Privilege was abused to get root. So,
In this walk through, we will be going through the Escape room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation by capturing the MSSQL user NTLM hash to get the initial foothold. For privilege escalation, ESC1 vulnerability exploitation is required to obtain a valid certificate for the
