linux Archives • Page 3 of 6 • Vulndev

28MarMarch 28, 2021

Passage @ HackTheBox

Solving Passage on HackTheBox. This is an easy box involving 2 public exploits, one for the CuteNews CMS and one for the USBCreator D-Bus interface.

By xctCTFcutenews, cve, d-bus, hackthebox, linux, usbcreator

27MarMarch 27, 2021

Luanne @ HackTheBox

Solving Luanne on HackTheBox. This is an easy 20-point machine involving a simple command injection and some password cracking.

By xctCTFcommand injection, cracking, hackthebox, linux, lua

20MarMarch 20, 2021

Crossfit @ HackTheBox

Solving Crossfit, a 50-point Linux machine on HackTheBox which involves a lot of cross-site scripting, a command-injection, and finally some light reversing.

By xctCTFcommand injection, hackthebox, linux, reversing, xss

27FebFebruary 27, 2021

Academy @ HackTheBox

Solving Academy on HackTheBox, a 20-point Linux machine on HackTheBox that involves a Laravel deserialization RCE, stored credentials & sudo composer.

By xctCTFcomposer, hackthebox, laravel, linux, sudo

21NovNovember 21, 2020

Buff @ HackTheBox

Buff is a 20-point Windows Machine on HackTheBox, created by egotisticalSW. It involves 2 simple public exploits and forwarding a port.

By xctCTFcve, hackthebox, linux, port forwarding

11JulJuly 11, 2020

Book is a 30-point Linux machine on HackTheBox. We log into a web application by exploiting SQL truncation and then use a Local File Inclusion vulnerability to obtain an SSH key. By exploiting a logrotate CVE we escalate privileges.

By xctCTFcve, hackthebox, lfi, linux, logrotate, sql trunaction

04JulJuly 4, 2020

ForwardSlash @ HackTheBox

ForwardSlash is a 40-point Linux Machine on HackTheBox. We use a path traversal vulnerability to get ssh credentials and abuse a custom backup program to read an old configuration file. For root we mount a custom LUKS image that contains a setuid program.

By xctCTFhackthebox, linux, luks, path traversal

16MayMay 16, 2020

Patents @ HackTheBox

Patents is a 40-point Linux machine on HackTheBox. For user we exploit an external entity injection in a word document and a local file inclusion that involves path traversal and calculating the name of an uploaded file. For root we use return oriented programming to exploit a stack overflow in...

By xctCTFbinary exploitation, hackthebox, lfi, linux, path traversal, rop, word, xxe

09MayMay 9, 2020

Obscurity @ HackTheBox

Obscurity is a 30-point Linux machine on HackTheBox that involves exploiting a command injection in a custom webserver, breaking a simple cipher and abusing file system permissions to get root.

By xctCTFcommand injection, crypto, hackthebox, linux

02MayMay 2, 2020

OpenAdmin @ HackTheBox

OpenAdmin is a 20-Point Linux machine on HackTheBox that involves using a public exploit for OpenNetAdmin & abusing a sudo entry for nano.

By xctCTFcve, hackthebox, linux, opennetadmin, sudo

Tag - linux

Passage @ HackTheBox

Luanne @ HackTheBox

Crossfit @ HackTheBox

Academy @ HackTheBox

Buff @ HackTheBox

Book @ HackTheBox

ForwardSlash @ HackTheBox

Patents @ HackTheBox

Obscurity @ HackTheBox

OpenAdmin @ HackTheBox