Introduction As you’ll see, we get to visit SNMP enumeration (not once, but twice!) and deal with a flaky web server which we fail to enumerate initially. Once the web server is accessible after a well deserved break, we manage to find some APIs to enumerate eventually leading to command injection and a reverse shell.
It’s here we realise we’re in a fairly minimal Docker container with not many tools at our disposal.
Introduction A challenging machine offering a VueJS app backed by an Express API. There’s also a separate PHP web store app to exploit for privilege escalation and gaining root access on the machine. This was the next medium machine on my list to tick off in my quest to progress to more difficult boxes and gain further experience.
As you’ll see, I had some fun with enumerating things, and my notes reflect this.
Introduction An easy rated machine, and one of my first on HTB that was recently retired. This box was pwned before I started using MarkText and adding in screenshots to my markdown notes, so I’ve only captured STDOUT here, and the entire write up is boring plain text.. sorry.
As always, I use Parrot OS Security Edition in a VirtualBox VM, with the OpenVPN client to connect to the HackTheBox VPN.
Intro This was my first medium difficulty box. I noticed it was the highest rated and due to be retired in 2 days – so I decided to tackle this machine in order to quickly release a walkthrough (content creation! clicks! views!) and practice my note taking skills. While I enjoy being in ’the zone’, it is well worthwhile breaking momentarily to take comprehensive notes that can be weaved into a cohesive narrative – if only so I can retrace my steps and help with future CTF challenges.
Intro I have been spending some time over the holiday break working on CTF challenges - including both Hack The Box, PicoCTF and learning a little binary exploitation. Taking notes for my own review & learning seemed like a good opportunity to post up CTF walkthroughs and get back into the habit of blogging again.
So, here is the first of hopefully many walkthroughs I will post up as time permits, and when machines on Hack The Box are retired.
My current setup The last several months have seen me moving around.. A lot (thanks COVID).. But after hunting around for furniture due to a shortage of standing desks, I’ve finalised my setup – and thank god.
Setup It’s been great to revive my Ultrawide and laptop in a fairly minimalist setup. This is my primary dev machine which, if you see my GitHub, has caused no end of issues with running Linux (#YearOfTheLinuxDesktop) in the 2 years I’ve had it.
