HackTheBox - Knife

Knife is a fun box which uses a PHP version having backdoor, which leads to RCE. The box has a command named knife which lets non-superusers run commanad as root.

August 28, 2021 · 2 min · Aditya Telange

HackTheBox - Love

Love is a fun box where we find a hidden subdomain that helps us retrieve Forbidden pages, where admin credentials are leaked of another service. The access to the admin dashboard has a file upload, through which we get a reverse shell. The box then has AlwaysInstallElevated that allows a regular user to install a Microsoft Windows Installer Package (MSI) with system privileges, which helps us get the Administrator access.

August 7, 2021 · 5 min · Aditya Telange

HackTheBox - Tenet

Tenet is a fun box where we find a backup of a staging PHP file which loads external code via deserialization, which leads to code-execution and a reverse shell. This leads to access to a script which the non-sudoer user can run to add ssh-key for getting root shell.

June 12, 2021 · 6 min · Aditya Telange
This site uses cookies to improve your experience on our website. By using and continuing to navigate this website, you accept this. More details in Privacy Statement.