Nmap never was so important on a machine, thorough scans lead to user access, then pivoting thanks to a backup of the shadow file cracked with John. Finally, get the root hash with wget posting files as data.
Hack The Box: Canape write-up
Best machine I’ve rooted on HTB. Cool way of getting to user to pickle and then lots of creativity to extract data and get to user!
IceCTF 2018: Web write-ups
Various write-ups from IceCTF web challenges
IceCTF 2018: Forensics write-ups
Various write-ups from IceCTF forensics challenges
Hack The Box: Celestial write-up
Cool deserialization flaw that allows to get a shell. Then just use dirty cow to get the root hashes.
Hack The Box: Valentine write-up
Heartbleed bug leads to RSA exposed key being decrypted, which in turn leads to root through an open tmux session owned by root.
Hack The Box: Nibbles write-up
Simple rooting thanks to default passwords and file privilege misconfigurations.
Hack The Box: Poison write-up
File left on web server and cool ssh port forwarding to access a VNC service running as root.
Hack The Box: Bashed write-up
A PHP shell on a website is not always a good idea. Neither is a cron job running as root…
Hack The Box: Sense write-up
Psense firewall vulnerable that leads to a RCE granting root access. Simple.