Hack The Box: Backdoor

Backdoor was an easy machine from HTB, developed by hkabubaker17. The initial foothold vector was pretty cool, where we need to enumerate the running processes of the target machine using an LFI vulnerability present in a WordPress plugin. Once we have enumerated the processes, we’ll find that one of the open ports is gdb

Hack The Box: Shibboleth

Shibboleth is an intermediate machine from HTB, developed by knightmare & mrb3n. This was an incredible machine with some cool vectors to foothold. This machine had an IPMI interface set up and we could dump the hashes from it without any authentication. Once we crack the hash, we could gain access to a Zabbix agent running in the

Hack The Box: Secret

Secret was an intermediate machine from HTB, developed by z9fr. This was a pretty cool machine, which started with crafting JWT tokens as admin with a JWT secret exposed in a GitHub repo. Once we are in as admin, we can then use OS command injection in a vulnerable API endpoint accessible to the admin user

Hack The Box: Devzat

Devzat was an intermediate machine from HTB, developed by c1sc0. This was a pretty straightforward box, which reused a lot of the exploit vectors, which I really dig. The initial foothold had us exploiting an OS command injection vulnerability in an API endpoint. Once we had a shell, we could exploit the internal

Hack The Box: Driver

Driver is an easy machine from Hack The Box, developed by MrR3boot. This was an easy but cool box which demonstrated the recent PrintNightmare vulnerability. The initial foothold part was also a pretty cool vector and it taught me how to misuse SCF files to dump NTLM hashes. Let’s start the enumeration.

Hack The Box: Horizontall

Horizontall was an intermediate Linux machine from Hack The Box, developed by wail99. This box was actually a great learning experience for me and it demonstrated a cool vulnerability in Laravel for the privesc vector. For the initial foothold, Horizontall combined basic enumeration techniques and an RCE in Strapi. Let’s start the exploitation.

A Beginner’s guide into Router Hacking and Firmware Emulation

This post is about my personal experiences as a noobie hacker who is super new to router reversing: the challenges I had to face, the research I did and the things I learned on the journey, partly mentioned in my previous post. After going through the experience of emulating a firmware,

Hack The Box: Previse

Previse was an easy machine from HTB, developed by m4lwhere. This was a simple and beginner-friendly box and the exploitation vectors are pretty straightforward. It started with an improper access control of a webpage and from there, we could create a new user. Once a new user is created, we can leak the

The Story of How I Hacked my ISP’s Cheapo Standard Issue Router

OptiLink is a company based in India that specializes in manufacturing networking devices. Two of the largest Internet Service Providers in this country have provided, or are still providing, OptiLink’s ONU (Optical Network Unit) devices as a cost-effective ONU device for getting Fiber to home service in India. But, in the name of cost

Hack The Box: Pikaboo

Pikaboo is an intermediate machine from Hack The Box, developed by pwnmeow & polarbearer. This was a pretty great box, which follows the same principle as the machine Breadcrumbs, where we have to craft an exploit chain to get the initial foothold and to escalate privileges. Pikaboo started by exploiting Nginx off-by-slash fail bug and gaining