HackTheBox - Forge

Box Info
Name: Forge
OS: Linux
Difficulty: Medium
IP:
Points: 30
Machine Creator: NoobHacker9999

Introduction
Forge is a fun box on Hackthebox that has a file upload feature vulnerable to SSRF. This exposes the internal admin panel and lets us read files via the internal FTP service, which include the user's SSH key pair. Listing the commands we can run as a superuser, we find a Python script which opens a socket connection....

January 22, 2022 · 5 min · 1027 words · Aditya Telange

HackTheBox - Pit

Pit is a fun box where SNMP data reveals that a SeedDMS instance is running, which is vulnerable to RCE. The box has CentOS's Cockpit Web Console on port 9090, which reuses a password from the DB credentials. This gives access to a user shell. LinPEAS reveals a monitoring service which runs bash scripts from a particular directory. Chaining this with snmpwalk gives us root.

September 25, 2021 · 6 min · 1146 words · Aditya Telange

HackTheBox - Tenet

Tenet is a fun box where we find a backup of a staging PHP file which loads external code via deserialization, leading to code execution and a reverse shell. This gives access to a script which the non-sudoer user can run to add an SSH key and get a root shell.

June 12, 2021 · 6 min · 1154 words · Aditya Telange

HackTheBox - Ready

Ready is a fun box running an outdated GitLab Community Edition, which has an exploit giving RCE to authenticated users. This RCE gives access to the Docker container in which the GitLab instance is running, and we have to break out of the container to escalate our privileges and own root!

May 15, 2021 · 4 min · 774 words · Aditya Telange