GrandPa is a windows machine rated easy. The machine is running a vulnerable version of IIS which we are able to exploit and gain access, however, the user we have is not a system user. We end up having to migrate to another user, exploit yet another vulnerability to escalate privileges into system. As system, … Continue reading WriteUp: HackTheBox GrandPa →

My next HackTheBox machine to play around with is Optimum. It is a Windows system running HTTP File Server and rated easy. As the machine is running a vulnerable version of HFS, we are able to exploit a vulnerability and gain user access to the box. Inorder to get the root flag, we take advantage … Continue reading WriteUp: HackTheBox Optimum →

My fourth box to play around with in HackTheBox is Nibbles. It is a Linux machine rated easy. Scanning the box shows two open ports, SSH and HTTP. Following the HTTP route, we are able to gain access to the server. As the user has permissions to run a file without requiring a password, we … Continue reading WriteUp: HackTheBox Nibbles →

This being my third box on HackTheBox, we are able intercept the communication and using brute force, gain access to the Windows Server via easily available default credentials. Once on the server, we spin up a reverse shell that gives us system access. From there on, it's smooth sailing to the flags. Table of Contents … Continue reading WriteUp: HackTheBox Jerry →

This is my second box in HackTheBox. There are probably a couple of different ways to exploit this but I went with the FTP path as FTP is known to be vulnerable. Maybe later in time, I will come back and try to exploit it using HTTP (if at all possible). We first exploit a … Continue reading WriteUp: HackTheBox Devel →

Getting back on HTB. Last time, I had to shift focus after 1 or 2 boxes and did not even have a writeup for them. Let's see how long I'll last this time round :). I'm basically starting from scratch now so let's just say, this is my very first box in my list of … Continue reading WriteUp: HackTheBox Blue →