[HackTheBox] Jerry
Tomcat is a very popular ‘web container’ software. This box teaches one of the vulnerabilities that can be used for RCE using Tomcat’s manager.
Author: Ziemni
[HackTheBox] Blue
This machine is more about teaching a single exploit rather than usual HTB process. It is still fun and enjoyable!
[HackTheBox] Cronos
Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a shell. This machine requires knowledge of how cron jobs work to get root. Easy and fun machine!
[HackTheBox] Tenten
Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines it with thinking outside the box. After a very fun user, I was a bit disappointed with the simplicity of escalation to root, but it was still an enjoyable experience.
[HackTheBox] Shocker
Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock which was my first ever vulnerability that I’ve exploited. Root part is as simple as knowing how to spawn a shell using Perl.
[HackTheBox] Popcorn
Popcorn is a very simple box. It starts with simple file upload restrictions bypass to get user and uses a very interesting exploit to get root. Summary Find http://10.10.10.6/torrent/ directory. Create an account and upload any torrent. Bypass upload restriction while uploading your php shell as a screenshot. Find /home/george/.cache/motd.legal-displayed and exploit it to get … Continue reading [HackTheBox] Popcorn
[HackTheBox] Mirai
Mirai was a very fun box! It requires thinking outside the box and compiling all information you have to guess some credentials. The root part requires knowledge of how Linux handles external devices to complete.
[HackTheBox] Bank
Bank is an easy machine. It requires some scripting and basic Linux enumeration skills to complete.
[HackTheBox] Blocky
Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with the simplest and easiest Linux enumeration. Still fun!
[HackTheBox] Lame
Lame is the oldest machine on HackTheBox. It is super-easy as it requires only basic enumeration followed by a simple exploit that instantly gives you a root shell.