Player @ HackTheBox
Player is a hard box that we solved in unintended ways that are partly patched now.
Onetwoseven is a great machine on hackthebox, featuring symbolic links, port forwarding through sftp and some typical web application exploitation. For escalation of privilege we abuse sudo apt-get update && sudo apt-get upgrade, by faking a deb repository to install a fake, back-doored package. I combined the user and root...
Unattended is a high-difficulty machine on hackthebox, featuring manual SQL injection, log poisoning and some guessing.
Kryptos is a 50-point machine on hackthebox, involving some interesting techniques, like setting up a fake database and making the application use it, abusing a weak RC4 implementation, pivoting through a web application and injecting into a SQLite database. In addition we exploit a weak PRNG on an application which...
Helpline is a really fun box on hackthebox.eu, which I was lucky enough to get system first blood on :) Weirdly enough I couldn't get the user first blood - but more on that later.