RedPanda - HackTheBox Writeup (10.10.11.170)
Easy-difficulty Linux box on exploiting a server-side template injection vulnerability in a Spring Boot web application, then a not-so-easy privilege escalation involving an XML external entity injection vulnerability in a custom view counter script.
Timelapse - HackTheBox Writeup (10.10.11.152)
Easy-difficulty Windows machine with a focus on Active Directory LDAP and SMB enumeration. Privilege escalation by recovering service account credentials in PowerShell history logs, then dumping LAPS passwords from the service account.
Horizontall - HackTheBox Writeup (10.10.11.105)
Easy-difficulty Linux box on exploiting CVE-2019-19609 on Strapi and CVE-2021-3129 on Laravel. A good refresher on reverse tunnelling with Chisel and subdomain enumeration techniques.
Spectra - HackTheBox Writeup (10.10.10.229)
Easy-difficulty ChromeOS box with a focus on password reuse on WordPress. Privilege escalation by leveraging sudo rights on initctl to create a new malicious service and gain root access.
ScriptKiddie - HackTheBox Writeup (10.10.10.226)
Easy-difficulty Linux box on exploiting the CVE-2020-7384 APK template vulnerability in MSFvenom. Privilege escalation by exploiting a command injection vulnerability in a Bash script, then pivoting to a privileged user with sudo rights on msfconsole.
Delivery - HackTheBox Writeup (10.10.10.222)
Easy-difficulty Linux box demonstrating a clever enumeration technique of leveraging the ticketing system to obtain a temporary email address under the victim's domain. Privilege escalation by dumping the password hash from MySQL and cracking it with mutation rules.
Laboratory - HackTheBox Writeup (10.10.10.216)
Easy-difficulty Linux box with a focus on exploiting local file inclusion and insecure deserialisation vulnerabilities in GitLab 12.8.1. Privilege escalation by escaping the Docker container and abusing a SUID binary with a PATH hijacking attack.
Academy - HackTheBox Writeup (10.10.10.215)
Easy-difficulty Linux box about exploiting Laravel CVE-2018-15133 and privilege escalation with Composer.
Doctor - HackTheBox Writeup (10.10.10.209)
A not-so-easy Linux box about advanced URL command injection and exploiting Splunk Universal Forwarder to gain root and persistence.