RedPanda - HackTheBox Writeup (10.10.11.170)
Easy-difficulty Linux box on exploiting a server-side template injection vulnerability in a Spring Boot web application, then a not-so-easy privilege escalation involving an XML external entity injection vulnerability in a custom view counter script.
Horizontall - HackTheBox Writeup (10.10.11.105)
Easy-difficulty Linux box on exploiting CVE-2019-19609 on Strapi and CVE-2021-3129 on Laravel. A good refresher on reverse tunnelling with Chisel and subdomain enumeration techniques.
Ophiuchi - HackTheBox Writeup (10.10.10.227)
Medium-difficulty Linux box on exploiting an insecure deserialisation vulnerability in a SnakeYAML applet. Privilege escalation by reverse-engineering and forging a deploy-ready WebAssembly binary to exploit a command injection vulnerability in the deploy script.
Spectra - HackTheBox Writeup (10.10.10.229)
Easy-difficulty ChromeOS box with a focus on password reuse on WordPress. Privilege escalation by leveraging sudo rights on initctl to create a new malicious service and gain root access.
Tenet - HackTheBox Writeup (10.10.10.223)
Medium-difficulty Linux box about exploiting insecure deserialisation vulnerabilities in a PHP data migration program under development. Privilege escalation by exploiting a race condition between Bash variable references in an SSH backup script.
ScriptKiddie - HackTheBox Writeup (10.10.10.226)
Easy-difficulty Linux box on exploiting the CVE-2020-7384 APK template vulnerability in MSFvenom. Privilege escalation by exploiting a command injection vulnerability in a Bash script, then pivoting to a privileged user with sudo rights on msfconsole.
Delivery - HackTheBox Writeup (10.10.10.222)
Easy-difficulty Linux box demonstrating a clever enumeration technique of leveraging the ticketing system to obtain a temporary email address under the victim's domain. Privilege escalation by dumping the password hash from MySQL and cracking it with mutation rules.
Ready - HackTheBox Writeup (10.10.10.220)
Medium-difficulty Linux box on exploiting the CVE-2018-19571 (SSRF) and CVE-2018-19585 (CRLF) vulnerabilities in GitLab 11.4.7 CE. Privilege escalation by abusing the notify_on_release feature in cgroups to escape the privileged Docker container.
Bucket - HackTheBox Writeup (10.10.10.212)
Medium-difficulty Linux box all about exploiting improperly configured Amazon S3 buckets. Privilege escalation by extracting credentials from DynamoDB and leveraging arbitrary file read through PD4ML, an HTML-to-PDF tool.
Laboratory - HackTheBox Writeup (10.10.10.216)
Easy-difficulty Linux box with a focus on exploiting local file inclusion and insecure deserialisation vulnerabilities in GitLab 12.8.1. Privilege escalation by escaping the Docker container and abusing a SUID binary with a PATH hijacking attack.
Time - HackTheBox Writeup (10.10.10.214)
Medium-difficulty Linux box on exploiting the SSRF vulnerability CVE-2019-12384 in Jackson and leveraging a privileged shell script to gain root.
Passage - HackTheBox Writeup (10.10.10.206)
Medium-difficulty Linux box on exploiting CuteNews 2.1.2 CVE-2019-11447 and abusing Linux's official USB-creator tool to gain arbitrary file write as root.
Academy - HackTheBox Writeup (10.10.10.215)
Easy-difficulty Linux box about exploiting Laravel CVE-2018-15133 and privilege escalation with Composer.
Feline - HackTheBox Writeup (10.10.10.205)
Hard-difficulty Linux box on exploiting Apache Tomcat CVE-2020-9484 and abusing docker.sock exposure.
Doctor - HackTheBox Writeup (10.10.10.209)
A not-so-easy Linux box about advanced URL command injection and exploiting Splunk Universal Forwarder to gain root and persistence.