Ivan’s blog

Hello ! This time I’m gonna show you my write up of Driver. This boot2root challenge from HackTheBox was a great journey, the first part included the explotation of a user side attack, through a well known Windows feature and the second part was useful to understand a critical vulnerability that appeared some months ago in the Windows Spooler service.

Welcome to another HackTheBox blog entry, this time I’m gonna show the steps to resolve the Forge challenge, categorized as medium level of difficulty. The user is solved chaining vulnerabilities in the web server, then the privilege escalation involves a Python functionality which is executed as root with SUDO.

Hi ! Welcome to another write-up of another HackTheBox boot2root challenge. This one was a easy one based mainly in the exploitation of common vulnerabilities and some web and local enumeration.

Hey ! Welcome to another HackTheBox post, this time I’m gonna show you how to solve the new HTB machine named ‘Previse’. This machine was categorised as easy with good accuracy, it’s not so difficult to find the path to own the machine. The user is achieved by the abuse of one of the OWASP top vulnerabilities and the privilege escalation is based on a insecure path reference in the configuration.

Welcome to another HackTheBox write-up, this time I will explain the procedure to solve a medium machine named ‘Schooled’. The name is pretty appropriate because the initial entry point comes from a vulnerable Moodle web site. Once gained access to the internal server, the first privilege escalation to the user is achieved by the cracking of an insecure password hash. Finally, the privilege escalation to ‘root’ is based in insecure permissions configured in the server that allows the user to execute a GTFObin with SUDO.

Welcome to another post with the write-up of the HackTheBox machine “BugHunter”. This machine was interesting because the initial access requires te exploitation of a common web vulnerability and the privilege escalation phase involved the analysis of a vulnerable python code.

Welcome to another post with the write-up of the HackTheBox machine “Love”. This was a great challenge because it involved the exploitation of common web vulnerabilities.

Hello ! This time I will show you how the ‘Cap’ challenge is solved. This boot2root CTF has been retired from HackTheBox platform so I can disclose the solution. This machine was categorized as Easy and I totally agree with this level of difficulty because it is not required a lot of hacking knowledge to achieve this challenge, only some skills in network analysis to get user and a little enumeration in the privilege escalation.

Welcome to my first hackthebox write-up, in this first blog entry I’m gonna show you the steps to resolve this easy machine from this amazing platform. Knife is a good example of easy machine for those who are taking their first experience with the boot2root challenges because it involves a lot of enumeration (the vulnerability is not being shown in front of your eyes when you starts the enumeration phase) and the privilege escalation phase is a common way to escalate in these challenges.