HackTheBox – ‘Querier’

Hey everyone, today we’ll be going through the ‘Querier’ machine from Hack the Box. This was a fun Windows machine where we discover an Excel spreadsheet in an unprotected SMB share. This Excel file contains a macro that connects back to the machine’s SQL server (with a hard-coded credential for us to steal). We are then […]

HackTheBox – ‘Lazy’ Walk-Through

This week, I’ve documented my methodology on the ‘Lazy’ machine. I’ll demonstrate a ‘padding oracle attack’ to obtain a private SSH key exposed on the administrator web panel, and achieve privilege escalation via a path hijacking attack in Linux made possible by an insecure instance of an SUID binary. Let’s get started. What we know […]

HackTheBox – ‘Cronos’ Walk-Through

Welcome back everyone. For this week’s post, I’ll be going through the retired machine, ‘Cronos’. We start by running a DNS Zone Transfer to enumerate some hidden domains, then we follow it up with a basic SQL injection attack to bypass an authentication page. Once inside, we’re able to abuse a ‘ping’ web function that […]

Hack the Box – ‘Stratosphere’ Walk-Through

Most of you are probably familiar with the Equifax data breach back in 2017 that ended up exposing over 140 million Americans’ private information. This was possible due to a vulnerability in the Apache Struts 2 framework, which allowed attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. In this […]

Hack the Box – ‘Jeeves’ Walk-Through

Welcome back everyone! Today I’ll be documenting my process through the retired Hack the Box machine, ‘Jeeves’. We’ll obtain initial access by exploiting an exposed Jenkins server that is insecurely configured, and escalate our privileges by cracking a password-protected Keepass Database file to obtain an Administrator password hash. As the final step, we’ll take this […]