Hack The Box: Sunday write-up

Nmap never was so important on a machine, thorough scans lead to user access, then pivoting thanks to a backup of the shadow file cracked with John. Finally, get the root hash with wget posting files as data.

Hack The Box: Canape write-up

Best machine I’ve rooted on HTB. Cool way of getting to user to pickle and then lots of creativity to extract data and get to user!

IceCTF 2018: Web write-ups

Various write-ups from IceCTF web challenges

IceCTF 2018: Forensics write-ups

Various write-ups from IceCTF forensics challenges

Hack The Box: Celestial write-up

Cool deserialization flaw that allows to get a shell. Then just use dirty cow to get the root hashes.

Hack The Box: Valentine write-up

Heartbleed bug leads to RSA exposed key being decrypted, which in turn leads to root through an open tmux session owned by root.

Hack The Box: Nibbles write-up

Simple rooting thanks to default passwords and file privilege misconfigurations.

Hack The Box: Poison write-up

File left on web server and cool ssh port forwarding to access a VNC service running as root.

Hack The Box: Bashed write-up

A PHP shell on a website is not always a good idea. Neither is a cron job running as root…

Hack The Box: Sense write-up

Psense firewall vulnerable that leads to a RCE granting root access. Simple.