Detailed walkthrough of the hackdonalds challenge on Intigriti platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.
Busqueda is an Easy Difficulty Linux machine that involves exploiting a command injection vulnerability present in a `Python` module. By leveraging this vulnerability, we gain user-level access to the machine. To escalate privileges to `root`, we discover credentials within a `Git` config file, allowing us to log into a local `Gitea` service. Additionally, we uncover that a system checkup script can be executed with `root` privileges by a specific user. By utilizing this script, we enumerate `Docker` containers that reveal credentials for the `administrator` user and `Gitea` account. Further analysis of the system checkup script and source code in a `Git` repository reveals a means to exploit a relative path reference, granting us Remote Code Execution (RCE) with `root` privileges.
Learn about and get hands-on with common technologies and security products used in corporate environments; both host and network-based security solutions are covered.
IClean is a medium-difficulty Linux machine featuring a website for a cleaning services company. The website contains a form where users can request a quote, which is found to be vulnerable to Cross-Site Scripting (XSS). This vulnerability is exploited to steal an admin cookie, which is then used to access the administrator dashboard. The page is vulnerable to Server-Side Template Injection (SSTI), allowing us to obtain a reverse shell on the box. Enumeration reveals database credentials, which are leveraged to gain access to the database, leading to the discovery of a user hash. Cracking this hash provides `SSH` access to the machine. The userβs mail mentions working with PDFs. By examining the `sudo` configuration, it is found that the user can run `qpdf` as `root`. This is leveraged to attach the `root` private key to a PDF, which is then used to gain privileged access to the machine.
Office is a hard-difficulty Windows machine featuring various vulnerabilities including Joomla web application abuse, PCAP analysis to identify Kerberos credentials, abusing LibreOffice macros after disabling the `MacroSecurityLevel` registry value, abusing MSKRP to dump DPAPI credentials and abusing Group Policies due to excessive Active Directory privileges.
Detailed walkthrough of the Crafty room on HackTheBox platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.
Detailed walkthrough of the mKingdom room on TryHackMe platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.
Detailed walkthrough of the Monitored box on HackTheBox platform, covering initial enumeration, exploiting vulnerabilities, and obtaining user and root flags.
Detailed walkthrough of the Builder box on HackTheBox platform, covering initial enumeration with LFI, exploiting vulnerabilities, and obtaining user and root flags.
