Hack The Box

HTB - UpDown

HTB – UpDown

In this walk through, we will be going through the UpDown room from HackTheBox. This room is rated as Medium on the platform and it consists of initial access by enumerating .git directory and using phar filter to achieving remote code execution. For privilege escalation, easy_install binary has to be abused using a malicious python […]

HTB – UpDown Read More »

HTB - Support

HTB – Support

In this walk through, we will be going through the Support room from HackTheBox. This room is rated as Easy on the platform and it consists of enumeration of SMB share to get a executable file. Post that, reverse engineering is required to get the password that the binary uses to bind the LDAP server,

HTB – Support Read More »

HTB - Soccer

HTB – Soccer

In this walk through, we will be going through the Soccer room from HackTheBox. This room is rated as Easy on the platform and it consists of exploitation of CVE-2021-45010 in Tiny File Manager to get the initial foothold. Then, via SQL Injection lateral movement was done and at last doas binary was abused to

HTB – Soccer Read More »

HTB - ServMon

HTB – ServMon

In this walk through, we will be going through the ServMon room from HackTheBox. This room is rated as Easy on the platform and it consists LFI explotiation in NVMS-1000 instance to get the initial foothold. For privilege escalation, installed NSClient++ was abuse to run scripts in context of NT AUTHORITY. So, let’s get started

HTB – ServMon Read More »

HTB - Pandora

HTB – Pandora

In this walk through, we will be going through the Pandora room from HackTheBox. This room is rated as Easy on the platform and it consists of enumeration of SNMP service that reveal creds for initial foothold. For lateral movement, Pandora CMS exploitation is required and exploitation of SUID binary makes us root. So, let’s

HTB – Pandora Read More »

HTB - Multimaster

HTB – Multimaster

In this walk through, we will be going through the Multimaster room from HackTheBox. This room is rated as Insane on the platform and it consists of SQL Injection exploitation to get the initial foothold. Then, for the lateral movement vulnerable VS code installation was abused to move laterally and at last abuse of Generic

HTB – Multimaster Read More »

HTB - Mentor

HTB – Mentor

In this walk through, we will be going through the Mentor room from HackTheBox. This room is rated as Medium on the platform and it consists of enumeration of SNMP service to get credentials for an API endpoint which is vulnerable to a blind command injection attack. For privilege escalation , postgresql service is exploited

HTB – Mentor Read More »

HTB - Lame

HTB – Lame

In this walk through, we will be going through the Lame room from HackTheBox. This room is rated as easy on the platform and it consists of exploitation of a vulnerable Samba version to get root. So, let’s get started without any delay. Machine Info: Title Lame IPaddress 10.10.10.3 Difficulty Easy OS Linux Description Lame

HTB – Lame Read More »

HTB - Jeeves

HTB – Jeeves

In this walk through, we will be going through the Jeeves room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation of running Jenkins application. For privilege escalation, we have to crack a Keepass DB to get the admin hash and captured the root flag by exposing it

HTB – Jeeves Read More »

HTB - Intentions

HTB – Intentions

In this walk through, we will be going through the Intentions room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation by second-order SQL Injection, followed by abusing an API end point to get admin access on the website which is vulnerable to RCE and thus provide the

HTB – Intentions Read More »

Scroll to Top