Prelude Intelligence is an intermediate Windows machine from HTB, developed by Micah. This was a little harder than regular intermediate machines for me, since my Active Directory skills are still under development. This machine is also one of the few machines (also the first machine I’ve ever encountered) from HTB, where the player only getsContinue reading “Hack The Box: Intelligence”
Hack The Box: BountyHunter
Prelude BountyHunter is an easy machine from HackTheBox, developed by ejedev. This was a pretty straightforward machine, but with some twists. The initial foothold was about exploiting an XXE (XML External Entity ) Injection vulnerability to dump the database configuration PHP file. This was a pretty straight forward step, but PHP files and JS filesContinue reading “Hack The Box: BountyHunter”
Hack The Box: Writer
Prelude Writer was an intermediate machine from Hack The Box, developed by TheCyberGeek. This was a good learning experience and this machine’s initial foothold was a bit too realistic, by bruteforcing a user named kyle’s ssh login. Once we are inside the machine, we can see that there are some peculiar groups that the userContinue reading “Hack The Box: Writer”
Hack The Box: Seal
Prelude Seal was an intermediate box from Hack The Box, developed by MrR3boot. This was an interesting box, but the initial foothold took me a while, since I wasn’t familiar with the Nginx path normalization ACL bypass technique. But once I found that, everything was straightforward from there on. To gain user we have toContinue reading “Hack The Box: Seal”
Hack The Box: Explore
Prelude Explore is an easy box developed by bertolis. This is the first Android CTF machine from HTB and it was quite fun solving this. The initial foothold of the machine was about exploiting a vulnerability in ES File explorer and leaking credentials. Once we have a shell in the target, we can use theContinue reading “Hack The Box: Explore”
Hack The Box: Dynstr
Prelude Dynstr is an intermediate box from Hack The Box, developed by jkr. This is an excellent machine and this machine taught me new things like API fuzzing and re-taught me the basics of DNS and some cool DNS tools. This machine required the player to fuzz a dynamic DNS update API and gain RemoteContinue reading “Hack The Box: Dynstr”
Hack The Box: Monitors
Prelude Monitors is an intermediate machine from Hack The Box developed by TheCyberGeek. This machine follows the same principals of Breadcrumbs machine, where the player has to exploit a chain of vulnerabilities to get into the machine. To get an intial foothold, we have to exploit a File inclusion vulnerability in a WordPress plugin. But,Continue reading “Hack The Box: Monitors”
Hack The Box: Cap
Prelude Cap was an easy machine from Hack The Box developed by InfoSecJack. This was actually the easiest box from Hack The Box and it is perfect for a total beginner. Also, before the release of this machine, I was pretty sure what the privilege escalation vector would be because of the name and IContinue reading “Hack The Box: Cap”
Hack The Box: Pit
Prelude Pit is an intermediate machine from Hack The Box developed by polarbearer & GibParadox. This was not an easy box in any way and I almost lost my mind over this machine. But, this machine strongly reinforced the importance of in depth enumeration and I believe that it is the whole theme of this machine. GettingContinue reading “Hack The Box: Pit”
Hack The Box: Schooled
Prelude Schooled was an intermediate machine from HTB, developed by TheCyberGeek. This machine was actually a bit tough for me on gaining the initial foothold, just because the service to exploit was hidden behind a subdomain and there’s no indication in the main page that there’s a subdomain in the target. That is actually aContinue reading “Hack The Box: Schooled”
SecNigma