Posts

WingData Writeup (HackTheBox Easy Machine)

-
Image
Overview WingData is an easy Linux machine from HackTheBox. It’s a beginner-friendly box with couple straight forward vulnerabilities. We start by discovering a Wing FTP service. We find a vulnerability which leads to RCE and gain initial access. Then we find couple hashes, which we crack using default salt string. We gain SSH access with newly pwned user. Next, we find a script over which we have elevated privilege. We identify Tar symlink overwrite vulnerability and use it to write ourselves unrestricted privileges. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─ # nmap -Pn -A 10.129.6.127 -T5 Starting Nmap 7.98 ( https://nmap.org ) at 2026-02-15 03:31 -0500 Nmap scan report for 10.129.6.127 Host is up (0.025s latency). Not shown: 998 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u7 (protocol 2.0) | ssh-hostkey: | 256 a1:fa:95:8b:d7:56:03:85:e4:45:c9:c7:1e:ba:28:3b (ECDSA) |_ 256 9c:ba:21:1a:...
Post a Comment
Read more

Facts Writeup (HackTheBox Easy Machine)

-
Image
Overview Facts is an easy Linux machine from HackTheBox. This box showcases couple vulnerabilities in CMS and other common misconfigurations from the real world. We start by discovering website with Camaleon CMS. We exploit couple publicly known vulnerabilities to get admin access. Then we find AWS keys which we use to access S3 bucket where we find SSH private key. Once we gain access to the machine, we discover that we have elevated privileges over Facter. Due to the lack of protection, we are able to create malicious Ruby script that gives us Root shell. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A -p 22,80,54321 10.129.28.82 -T5 Starting Nmap 7.98 ( https://nmap.org ) at 2026-02-02 03:51 -0500 Nmap scan report for facts.htb (10.129.28.82) Host is up (0.026s latency). PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.9p1 Ubuntu 3ubuntu3.2 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 4d:d7:b2:8c:d4:df:57:9c:a4:2f:df:c6:e3:0...
Post a Comment
Read more

MonitorsFour Writeup (HackTheBox Easy Machine)

-
Image
Overview MonitorsFour is an easy Windows machine from HackTheBox. Although it’s presented as easy, it can definitely post some problems, but has couple interesting vulnerabilities. We start by enumeration and discover a subdomain and an API. We abuse type juggling flaw in PHP to access special endpoint that exposes sensitive info about users. Then, we access Cacti dashboard and exploit RCE vulnerability to get a shell. Next, we identify a Docker environment and Docker version. We find an escape online, mount the entire host filesystem and get access to host OS. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A 10.10 .11 .98 -T5 Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-20 10 :03 CET Nmap scan report for monitorsfour.htb (10.10.11.98) Host is up (0.10s latency). Not shown: 998 filtered tcp ports (no-response) PORT STATE SERVICE VERSION 80 /tcp open http nginx | http-cookie-flags: | /: ...
Post a Comment
Read more