Hack The Box is a massive, online cyber security training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.
Note: Writeups/Walkthroughs on this blog are published only after the particular box is retired from HackTheBox active machines.
Legacy is a relatively easy box which has SMB running on Windows XP(2000) OS. We find the exploit with metasploit and get access to priviledged user NT AUTHORITY\SYSTEM directly.
Lame is the 1st box on HackTheBox which requires only one exploit in Samba to obtain root access. We also explore other ways during we reach to superuser’s shell.
Horizontall is a fun box which has an API, vulnerable to Improper Access Control and RCE. The box is running a laravel service which is vulnerable to RCE which lets us run commanad as root.
Box Info Name: Forge OS: Linux Difficulty: Medium IP: 10.10.11.111 Points: 30 Machine Creator: NoobHacker9999 Introduction Forge is a fun box on Hackthebox that has a File Upload functionality which is vulnerable to SSRF. This exposes the internal Admin panel and lets us read files with internal FTP service, which includes SSH key pair of the user.
Listing the available commands we can run as a superuser, we have a python script which opens a socket connection....