Search by Tag

HTB

05 April 2024

HTB Codify Writeup

# Enumeration I will start with a port scanning on the machine's ip to identify ports opened: ```bash ❯ sudo...

nodejs, rce, sqlite3, hashes, sudoers, bash-bruteforcing

HTB

08 April 2024

HTB Hospital Writeup

## Enumeration I will start with a basic port scanning with nmap: ```bash ❯ nmap -sVC -p- --open -sS --min-rate...

webshell_upload, kernel_exploits, hash_cracking, pivoting, phishing, ghostscript_rce

HTB

17 April 2024

HTB Surveillance writeup

In this machine, we have a web service vulnerable to RCE of [Craft CMS 4.4.14 exploit](https://github.com/Faelian/CraftCMS_CVE-2023-41892) that give us access...

craft_cms, hash_cracking, zoneminder_exploit, sudoers, abusing_zmupdate.pl

HTB

26 April 2024

HTB Devvortex Writeup

In this machine, we have a joomla web vulnerable to [CVE-2023-23752](https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/joomla#api-unauthenticated-information-disclosure) that gives us the password of lewis user to...

joomla, CVE-2023-23752, information_leakage, password_reuse, joomla_rce, database_enumeration, hash_cracking, ssh, sudoers, apport-cli, CVE-2023-1326

HTB

03 May 2024

HTB Napper Writeup

In this machine, we have a information disclosure in a posts page. Next, we have to exploit a backdoor present...

information_disclosure, abusing_backdoor, naplistener, elasticsearch, reverse_engineering, go_reverse_engineering, decryption_with_AES, runascs

HTB

11 May 2024

HTB Monitored Writeup

In this machine, we have a snmp service that leaks credentials that we can use to nagiosxi using the api...

udp, snmp, nagiosxi, api, nagios_rce, sudoers, abusing_nagios_scripts

HTB

18 May 2024

HTB Ouija Writeup

Ouija is a insane machine in which we have to complete the following steps. In first place, we have to...

fuzzing, html_inspection, information_leakage, haproxy, http_request_smuggling, CVE-2021-40346, source_code_inspection, hash_extension_attack, lfi, proc_files, php_plugin, integer_overflow, buffer_overflow, webshell

HTB

24 May 2024

HTB Bizness Writeup

Bizness is an easy machine in which we gain access by exploiting CVE-2023-51467 and CVE-2023-49070 vulnerabilitites of Apache Ofbiz. Then,...

apache_ofbiz, CVE-2023-51467, CVE-2023-49070, hash_cracking, hash_salt, su

HTB

05 June 2024

HTB Analysis Writeup

Analysis is a hard machine of HackTheBox in which we have to do the following things. First, we have to...

fuzzing, ldap-injection, php-shell, upload-vulnerabilities, autologon, dll-injection

HTB

08 June 2024

HTB Pov Writeup

Pov is a Windows machine with a medium difficulty rating in which we have to do the following things. First,...

lfi, web.config, deserialization, exploiting-viewstate, decrypting-securestring, sedebugprivilege

HTB

13 June 2024

HTB Crafty writeup

Crafty is a easy windows machine in HackTheBox in which we have to abuse the following things. In first place,...

minecraft, log4j, jdgui, analyzing-jar, minecraft-plugins

HTB

21 June 2024

HTB Office writeup

Office is a Hard Windows machine in which we have to do the following things. First, we have a Joomla...

joomla-information-disclosure, CVE-2023-23752, smb-enumeration, pcap-tcp-packet-analysis, wireshark, krb-hash, joomla-rce, runascs, password-reuse, port-forwading, libreoffice-odt-exploitation, CVE-2023-2255, dpapi-creds, mimikatz, bloodhound, modifying-group-policy

HTB

28 June 2024

HTB Jab writeup

Jab is a Windows machine in which we need to do the following things to pwn it. First, we have...

xmpp, xmpp-user-enumeration, asreproast, hash-cracking, executedcom, dcomexec.py, openfire-rce, CVE-2023-32315

HTB

06 July 2024

HTB Perfection writeup

Perfection is a easy linux machine which starts with a ruby SSTI in a grade calculator combined with a CRLF...

ssti, ruby, crlf-injection, sqlite, hash-cracking, sudo-group

HTB

15 July 2024

HTB Corporate writeup

# Enumeration ## Port scanning I will start with a basic TCP port scanning with nmap to see which ports...

xss, bypass-csp, cookie-hijacking, idor, vpn, password-spraying, .mozilla-enumeration, bruteforce-bitwarden-pin, source-code-analysis, cookie-forging, jwt, docker-privesc, abupve

HTB

20 July 2024

HTB Headless writeup

Headless is an Easy Linux machine of HackTheBox where first its needed to make a XSS attack in the User-Agent...

xss, command-injection, sudoers, path-hijacking-./

HTB

27 July 2024

HTB WifineticTwo writeup

WifineticTwo is a linux medium machine where we can practice wifi hacking. First, I will exploit a OpenPLC runtime instance...

openplc, cve-2021-31630, wifi-scanning, pixiedust, port-scanning, ssh

HTB

03 August 2024

HTB IClean writeup

IClean is a Linux medium machine where we will learn different things. First, there is a web that offers a...

xss, ssti, sql, password-reuse, qpdf, sudoers

HTB

10 August 2024

HTB Usage writeup

Usage is a linux easy machine which start with a SQL injection in a forgot password functionality. With this SQL...

sql-injection, boolean-based-sql-injection, hash-cracking, upload-vulnerabilities, monit, sudoers, abuse-symlinks, zip

HTB

17 August 2024

HTB FormulaX writeup

FormulaX starts with a website used to chat with a bot. Here, there is a contact section where I can...

xss, websocket, simple-git-cve, CVE-2022-24066, mongodb, hash-cracking, librenms, librenms-abuse-template, laravel-blade, php, env-creds, sudoers, libreoffice-server-abuse, apache-uno-api

HTB

24 August 2024

HTB Runner writeup

{% raw %} Runner is a linux medium machine that teaches teamcity exploitation and portainer exploitation. First, I will abuse...

teamcity, cve-2023-42793, teamcity-api, teamcity-rce, hsql, bcrypt, hash-cracking, id_rsa, portainer

HTB

02 September 2024

HTB Skyfall writeup

{% raw %} Skyfall is a linux insane machine that teaches things about cloud and secrets management using third parties...

forbidden-bypass, minio-cloud, minio-cve, CVE-2023-28432, hashicorp-vault, vault-ssh, sudoers, vault-unseal, race-condition

HTB

07 September 2024

HTB Mailing writeup

{% raw %} Mailing is an easy Windows machine that teaches the following things. First, its needed to abuse a...

lfi, hMailServer, hMailServer-configuration, hash-cracking, outlook-vulnerabilities, CVE-2024-21413, ntlm-hash, libreoffice-odt-exploit, CVE-2023-2255

HTB

14 September 2024

HTB Intuition writeup

{% raw %} Intuition is a linux hard machine with a lot of steps involved. First, I will abuse a...

xss, cookie-hijacking, cve-2023-24329, urllib, ssrf, ssrf-to-lfi, url-wrappers, ftp, ssh-key, ssh-key-comments, sqlite, hash-cracking, binary-analysis, suricata-logs, sudoers, ghidra, command-execution

HTB

21 September 2024

HTB Solarlab writeup

{% raw %} Solarlab is a windows machine that requires few steps to complete. First, I will extract passwords from...

smb, spreadsheet, libreoffice, bruteforcing-web, rce, CVE-2023-33733, pdf, openfire-exploit, CVE-2023-32315, openfire-database, decrypt-password, java

HTB

28 September 2024

HTB Boardlight writeup

{% raw %} Boardlight is a linux machine that involves dolibarr exploitation and an enlightenment cve. First, a discovered subdomain...

dolibarr, CVE-2023-30253, subdomain-enumeration, crm, erp, php-injection, php-configuration, mysql, password-reuse, suid, enlightenment, CVE-2022-37706

HTB

05 October 2024

HTB Freelancer writeup

{% raw %} Freelancer is a windows machine with a lot of techniques like web and active directory. First, I...

forgot-password, idor, qrcode, mssql, xp_cmdshell, sql-configuration, crash-dump-analysis, active-directory-acls, genericwrite, nt-hashes, secretsdump

HTB

12 October 2024

HTB Blurry writeup

{% raw %} Blurry is a medium linux machine from HackTheBox that involves ClearML and pickle exploitation. First, I will...

clearml, machine-learning, CVE-2024-24590, pickle, deserialization, python-torch, sudoers

HTB

12 October 2024

HTB