Posts

Facts Writeup (HackTheBox Easy Machine)

-
Image
Overview Facts is an easy Linux machine from HackTheBox. This box showcases couple vulnerabilities in CMS and other common misconfigurations from the real world. We start by discovering website with Camaleon CMS. We exploit couple publicly known vulnerabilities to get admin access. Then we find AWS keys which we use to access S3 bucket where we find SSH private key. Once we gain access to the machine, we discover that we have elevated privileges over Facter. Due to the lack of protection, we are able to create malicious Ruby script that gives us Root shell. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A -p 22,80,54321 10.129.28.82 -T5 Starting Nmap 7.98 ( https://nmap.org ) at 2026-02-02 03:51 -0500 Nmap scan report for facts.htb (10.129.28.82) Host is up (0.026s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.9p1 Ubuntu 3ubuntu3.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 4d:d7:b2:8c:d4:df:57:9c:a4:2f:df:c6:e3:0...
Post a Comment
Read more

MonitorsFour Writeup (HackTheBox Easy Machine)

-
Image
Overview MonitorsFour is an easy Windows machine from HackTheBox. Although it’s presented as easy, it can definitely post some problems, but has couple interesting vulnerabilities. We start by enumeration and discover a subdomain and an API. We abuse type juggling flaw in PHP to access special endpoint that exposes sensitive info about users. Then, we access Cacti dashboard and exploit RCE vulnerability to get a shell. Next, we identify a Docker environment and Docker version. We find an escape online, mount the entire host filesystem and get access to host OS. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A 10.10 .11 .98 -T5 Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-20 10 :03 CET Nmap scan report for monitorsfour.htb (10.10.11.98) Host is up (0.10s latency). Not shown: 998 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 80 /tcp open http nginx | http-cookie-flags: | /: ...
Post a Comment
Read more

Overwatch Writeup (HackTheBox Medium Machine)

-
Image
Overview Overwatch is a medium Windows/Active Directory machine from HackTheBox. This box showcases couple interesting vulnerabilities and misconfigurations so it’s definitely worth checking out. We start by discovering EXE program which we reverse engineer and find MS SQL credentials. Because our user’s write permissions, we perform ADIDNS poisoning and steal NTLMv2 hash with Responder. We get remote access to the machine. Once inside, we find an internal SOAP-based web service. We recheck the decompiled code and find command injection vulnerability. We exploit it and get shell as System user. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A -p- overwatch.htb -T5 Starting Nmap 7.98 ( https://nmap.org ) at 2026-01-26 04 :27 -0500 Nmap scan report for overwatch.htb (10.129.16.108) Host is up (0.027s latency). Not shown: 65516 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 53 /tcp open domai...
Post a Comment
Read more