Ophiuchi - HackTheBox Writeup (10.10.10.227)
Medium-difficulty Linux box on exploiting insecure deserialisation vulnerability in a SnakeYAML applet. Privilege escalation by reverse-engineering and forging a deploy-ready WebAssembly binary to exploit a command injection vulnerability in the deploy script.
Tenet - HackTheBox Writeup (10.10.10.223)
Medium-difficulty Linux box about exploiting insecure deserialisation vulnerabilities in a PHP data migration program under development. Privilege escalation by exploiting a race condition between Bash variable references in an SSH backup script.
Ready - HackTheBox Writeup (10.10.10.220)
Medium-difficulty Linux box on exploiting CVE-2018-19571 (SSRF), CVE-2018-19585 (CRLF) vulnerabilities in GitLab 11.4.7 CE. Privilege escalation by abusing the notify_on_release feature in cgroups to escape the privileged Docker container.
Bucket - HackTheBox Writeup (10.10.10.212)
Medium-difficulty Linux box all about exploiting improperly configured Amazon S3 buckets. Privilege escalation by extracting credentials from DynamoDB and leveraging arbitrary file read through PD4ML, an HTML-to-PDF tool.
Time - HackTheBox Writeup (10.10.10.214)
Medium-difficulty Linux box on exploiting SSRF vulnerability CVE-2019-12384 in Jackson and leveraging a privileged shell script to gain root.
Passage - HackTheBox Writeup (10.10.10.206)
Medium-difficulty Linux box on exploiting CuteNews 2.1.2 CVE-2019-11447 and abusing Linux's official USB-creator tool to gain arbitrary file write as root.
Worker - HackTheBox Writeup (10.10.10.203)
Medium-difficulty Windows box with a focus on exploiting Azure DevOps environment.