writeup


HackTheBox Writeup: Control

July 21, 2020

Control is a Hard difficulty Windows CTF (yay!) from HackTheBox. Control was a very good challenge, it starts out in a pretty generic manner, requiring the exploitation of a SQL injection flaw in a web application that only allows users connecting from a specific proxy, but when local access is established the real fun begins. And by fun I mean trial and error, because there is quite a bit of guess work going on in the privilege escalation part, but even if the box doesn’t tell you what to do in a huge font it still leaves out some hints so that you can get there in the end, when you realize that in order to escalate privileges you have to find a Windows service of which you can change the properties from the registry to hijack its execution when it is then started, which I thought was a pretty cool idea. ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Resolute

July 20, 2020

While Resolute starts very easy and generic the privilege escalation part reflects a useful and realistic scenario which is definintely a good addition to my Windows pentesting toolbox. Much like in Monteverde here all we need to obtain the user shell is doing some simple standard Windows enumeration with the usual tools, and the privilege escalation phase is about exploiting the permissions of a Windows group, that allows us to escalate from DnsAdmin to SYSTEM in a couple commands. ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Nest

July 20, 2020

Nest suffered from the unfortunate fate of being vulnerable to a couple unwanted instant root paths that took both first bloods in a matter of minutes, so a lot of people missed the intended route which actually turned out to be original, creative, and in my opinion a lot of fun. So kudos to VbScrub for this neat little challenge. In short, there’s a custom application running on a high port that allows to navigate a decent amount of the filesystem but requires a password to read any files, at the end of the day this box is all a matter of careful enumeration, exploration, and “analysis” (or copy and pasting). ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Monteverde

July 19, 2020

Monteverde is very easy for a Medium box but for that I also have to thank another HTB member, VbScrub, who automated the privilege escalation method for a lot of people, myself included, when apparently before that some tweaking was required beforehand, perhaps making me skip some of the difficulty in this challenge. Nonetheless, this was a fun little box albeit I’m never a fan of bruteforcing, which is how the first pair of credentials is found. ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Traverxec

April 10, 2020

Traverxec makes for an easy and fun little box for beginners, it doesn’t present any particular challenges that other boxes haven’t shown but even if it is not that original it is a perfect introduction to the website, or so I believe. Anyway the path to root is very straightforward, a public exploit for Nostromo CMS is used to gain foothold and then a private RSA SSH key is found and its passhprase is cracked to grant us user access. ... Read more …

Tags: hackthebox ctf writeup

HackTheBox Writeup: Sniper

March 26, 2020

I really liked Sniper, I can’t say I’ve ever seen the two attack vectors required for this challenge in any other HTB CTF and both were fun to exploit and take note of, since this is a fairly realistic challenge, my favorite kind. The challenge begins with the exploitation of an RFI vulnerability that allows a web application to include a PHP page from another host, with that a web shell is opened and credentials for an account are found so a proper reverse shell is started. ... Read more …

Tags: hackthebox ctf writeup

comments powered by Disqus