WriteUps

WriteUps

Solutions and walkthroughs for CTF challenges

Kaiju

Kaiju - VulnLab

Today, we'll walk through Kaiju, a hard-difficulty chain from VulnLab. This lab simulates a multi-host Active Directory environment where initial access is obtained through misconfigurations in exposed services....

Read more
Rebound

Rebound - HackTheBox [Insane]

Rebound is an insane difficulty machine on HackTheBox. Initially, we'll exploit RID brute force to obtain a list of valid users on the Domain Controller. One of these users is vulnerable to...

Read more
Drive

Drive - HackTheBox [Hard]

Drive is a hard-difficulty machine on HackTheBox. Initially, we exploit an IDOR (Insecure Direct Object Reference) vulnerability to access private messages, revealing...

Read more
Gofer

Gofer - HackTheBox [Hard]

Gofer is a hard-level machine on the HackTheBox platform. Initially, we encounter a network-level shared resource via SMB that leaks a file containing pertinent information for...

Read more
Download

Download - HackTheBox [Hard]

Download is a hard difficulty machine on HackTheBox. The machine features a web service that allows file uploads. While attempting to download the files, we discover a...

Read more
Intentions

Intentions - HackTheBox [Hard]

Intentions is a hard-level machine from the HackTheBox platform. Initially, we discovered a SQL injection vulnerability that allowed us to obtain...

Read more
Snoopy

Snoopy - HackTheBox [Hard]

Snoopy is a hard level machine featured on the HackTheBox platform. Initially, our objective entails exploiting a Local File Inclusion vulnerability to extract...

Read more
Blackfield

Blackfield - HackTheBox [Hard]

Blackfield is a hard level machine on the HackTheBox platform. It is an Active Directory-based environment, where our initial reconnaissance involved analyzing a network-level shared resource exposed through...

Read more
Manager

Manager - HackTheBox [Medium]

Manager is a medium-difficulty machine on HackTheBox. Initially, we'll abuse the guest session to perform a RID Bruteforce attack to identify...

Read more
Visual

Visual - HackTheBox [Medium]

Visual is a medium-difficulty machine on HackTheBox. Initially, we will exploit a website that builds our custom Visual Studio projects by abusing...

Read more
Clicker

Clicker - HackTheBox [Medium]

Clicker is a medium-difficulty machine on HackTheBox. Firstly, we will exploit an NFS share to obtain the source code of a website. After reading the source code...

Read more
Zipping

Zipping - HackTheBox [Medium]

Zipping is a medium-difficulty machine on HackTheBox. Initially, we will exploit a Local File Inclusion (LFI) vulnerability to gain access to...

Read more
Authority

Authority - HackTheBox [Medium]

Authority is a medium-difficulty machine on HackTheBox. Initially, we will decrypt Ansible vaults using the ansible2john tool to extract...

Read more
Sandworm

Sandworm - HackTheBox [Medium]

Sandworm is a medium difficulty machine on HackTheBox. Firstly, we will exploit an SSTI vulnerability by abusing reflection...

Read more
Jupiter

Jupiter - HackTheBox [Medium]

Jupiter is a medium-difficulty machine on the HackTheBox platform. To start, we encounter a web service running...

Read more
Format

Format - HackTheBox [Medium]

Format is a medium-difficulty machine in which we need to exploit a web service to read system files. We achieve this by inspecting the page's source code hosted on port 3000 in a...

Read more
Escape

Escape - HackTheBox [Medium]

Escape is a medium difficulty machine on the HackTheBox platform. It is a machine that hosts an Active Directory service. Initially, we acquire credentials through a PDF exposed via...

Read more
OnlyForYou

OnlyForYou - HackTheBox [Medium]

OnlyForYou is a medium-level machine in which we exploit Python and Neo4j (Cypher Injection)...

Read more
Analytics

Analytics - HackTheBox [Easy]

Analytics is an easy machine on HackTheBox. Firstly, we'll exploit a vulnerable version of Metabase to achieve command execution on the victim machine...

Read more
Sau

Sau - HackTheBox [Easy]

Sau is an easy difficulty machine on the HackTheBox platform. Firstly, we will exploit an SSRF vulnerability in `request-baskets` to gain access to...

Read more
Pilgrimage

Pilgrimage - HackTheBox [Easy]

Pilgrimage is an easy difficulty machine on HackTheBox, exposing an HTTP service on port 80. Our initial step involves dumping a `.git` directory to retrieve...

Read more
Topology

Topology - HackTheBox [Easy]

Topology is an easy-level machine on HackTheBox. Initially, we need to exploit a LaTeX Injection to gain access to...

Read more
PC

PC - HackTheBox [Easy]

PC is an easy-level machine from HackTheBox. Firstly, we discover the gRPC service running on port "50051". Using the "grpcgui" tool, we set up a service to access it through...

Read more
Inject

Inject - HackTheBox [Easy]

This is an easy-level machine in which we exploit a file upload vulnerability to make the page show us how we can access them. The page utilizes a parameter in the GET method to access system files, allowing us to exploit...

Read more
Busqueda

Busqueda - HackTheBox [Easy]

Busqueda is a platform that provides a website offering links to various web pages based on user input. Behind the scenes, it utilizes the Python...

Read more