This week, I’ve documented my methodology on the ‘Lazy’ machine. I’ll demonstrate a ‘padding oracle attack‘ to obtain a private SSH key exposed on the adminstrator web panel, and achieve privilege escalation via a path hijacking attack in Linux made possible by an insecure instance of an SUID binary. Let’s get started. What we know […]
Welcome back everyone. For this week’s post, I’ll be going through the retired machine, ‘Cronos’. We start by running a DNS Zone Transfer to enumerate some hidden domains, then we follow it up with a basic SQL injection attack to bypass an authentication page. One inside, we’re able to abuse a ‘ping’ web function that […]
Most of you are probably familiar with the Equifax data breach back in 2017 that ended up exposing over 140 million Americans private information. This was possible due to a vulnerability in the Apache Struts 2 framework, which allowed attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. In this […]
Hello again everyone, welcome back to another HacktheBox walk-through. This time around, I’ll be going through the ‘Active’ machine. This is a great example of a more “real-world” Active Directory attack scenario, where we steal credentials from an exposed Group Policy file, and then Kerberoast the Administrator account’s password. Let’s get started. What we know […]
Welcome back everyone! Today I’ll be documenting my process through the retired Hack the Box machine, ‘Jeeves’. We’ll obtain initial access by exploiting an exposed Jenkins server that is insecurely configured, and escalate our privileges by cracking a password-protected Keepass Database file to obtain an Administrator password hash. As the final step, we’ll take this […]
Hello again everyone. Today’s walk-through will be covering the retired Hack the Box machine, ‘Shocker’. This was a fun machine covering the basics of the famous ‘Shellshock’ exploit. The privilege escalation was incredibly simple if you know where to look, but it offers a good example of a simple enumeration you should always try when […]
The Houston Hacker 