In this walk through, we will be going through the Intentions room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation by second-order SQL Injection, followed by abusing an API end point to get admin access on the website which is vulnerable to RCE and thus provide the […]
In this walk through, we will be going through the Intelligence room from HackTheBox. This room is rated as Medium on the platform and it consists of password spraying of credentials captured from the internal PDF document. For privilege escalation, abuse of group managed service account privilege is used to perform constrained delegation attack which
In this walk through, we will be going through the Forest room from HackTheBox. This room is rated as Easy on the platform and it consists of exploitation by AsREProasting to get the initial foothold. For privilege escalation, DC Sync privilege was abused to get root. So, let’s get started without any delay. Machine Info:
In this walk through, we will be going through the Flight room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of LFI to capture user NTLM hash in order to get foothold on the system and for privilege escalation, DCSync Privilege was abused to get root. So,
In this walk through, we will be going through the Escape room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation by capturing the MSSQL user NTLM hash to get the initial foothold. For privilege escalation, ESC1 vulnerability exploitation is required to obtain a valid certificate for the
In this walk through, we will be going through the Cereal room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of deserialization and XSS vulnerabilities to get foothold on the system and for privilege escalation, SEImpersonate Privilege was abused to get root. So, let’s get started without
In this walk through, we will be going through the Cerberus room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of a RCE in Icinga web application and abuse of firejail SUID binary to perform a container breakout. For privilege escalation, Kerberos was exploited with a known
In this walk through, we will be going through the Broker room from HackTheBox. This room is rated as Easy on the platform and it consists of exploitation of a RCE in ActiveMQ installation. For privilege escalation, sudo misconfiguration was abused to get root. So, let’s get started without any delay. Machine Info: Title Broker
In this walk through, we will be going through the Blackfield room from HackTheBox. This room is rated as Hard on the platform and it consists of exploitation of Windows and Active Directory misconfigurations to get initial access. For privilge escalation, Backup Operators group privilege was abused to get SYSTEM. So, let’s get started without
In this walk through, we will be going through the Atom room from HackTheBox. This room is rated as Medium on the platform and it consists of exploitation of an Electron application to get initial access and for privilege escalation, exploitation of PortableKanban is required to get root. So, let’s get started without any delay.
