Posts

Previous Writeup (HackTheBox Medium Machine)

-
Image
Overview Previous is a medium Linux machine from HackTheBox. This box takes a lot of patience, enumeration and fuzzing. On the other hand, it has couple very interesting vulnerabilities. We start by discovering Next.js website with Auth bypass vulnerability. We get access to docs and identify LFI. We abuse it to fuzz the filesystem and discover a manifest file and ultimately an auth file with SSH credentials. We use those to get access to the machine. Once inside, we find out that we have specific sudo privilege over Terraform. We create a malicious provider script, trick Terraform into executing it and get the Root shell.
Post a Comment
Read more

VulnNet Writeup (TryHackMe Medium Machine)

-
Image
Can you take advantage of the misconfigurations made by VulnNet Entertainment? Overview VulnNet is a medium Linux machine from TryHackMe. This room makes a fun challenge for every intermediate/experienced hacker out there. We start by discovering a hidden parameter and abuse it to read host files (LFI). Then, we gain access to a subdomain, which hosts ClipBucket service. We find file upload vulnerability and get reverse shell on the machine. Once inside, we discover SSH private key. We crack the passphrase and gain elevated privilege. For final priv esc, we exploit wildcard vulnerability in a cronjob and get Root shell. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A 10.82 .172 .143 -T5 Starting Nmap 7.98 ( https://nmap.org ) at 2025-12-31 09 :30 -0500 Nmap scan report for vulnnet.thm (10.82.172.143) Host is up (0.041s latency). Not shown: 998 closed tcp ports (reset) PORT STATE SERVICE VERSION 22 /tcp open ssh ...
Post a Comment
Read more

Startup Writeup (TryHackMe Easy Machine)

-
Image
Abuse traditional vulnerabilities via untraditional means. Overview Startup is an easy Linux machine from TryHackMe. This room has several simple vulnerabilities and misconfigurations and thus is perfect for beginners. We start by enumerating every active service. We discover that we can upload files to FTP and access them via web server, too. So we upload PHP shell and get initial access on the machine. Once inside, we find a password in network traffic capture file using Wireshark. For final privilege escalation, we identify bad file permissions and exploit it to get the Root shell. Nmap scan Starting with the Nmap scan. ┌──(root㉿kali)-[/home/kali] └─# nmap -Pn -A 10.81 .159 .149 -T5 Starting Nmap 7.95 ( https://nmap.org ) at 2025-12-24 11 :04 CET Nmap scan report for 10.81 .159 .149 Host is up (0.054s latency). Not shown: 997 closed tcp ports (reset) PORT STATE SERVICE VERSION 21 /tcp open ftp vsftpd 3.0 .3 | ftp-syst: | STAT: | FTP ...
Post a Comment
Read more