[HackTheBox] Cronos

Cronos begins with a simple DNS enumeration to find a hidden subdomain with a login page. Then we exploit SQL and command injection vulnerabilities to get a shell. This machine requires knowledge of how cron jobs work to get root. Easy and fun machine!

[HackTheBox] Tenten

Tenten starts with very basic enumeration, but it very quickly becomes an interesting box. It requires knowledge of how to use and edit exploits and combines it with thinking outside the box. After a very fun user, I was a bit disappointed with the simplicity of escalation to root, but it was still an enjoyable experience.

[HackTheBox] Shocker

Shocker reminded me of my first days in cybersecurity. It is vulnerable to Shellshock, which was the first vulnerability I ever exploited. The root part is as simple as knowing how to spawn a shell using Perl.

[HackTheBox] Popcorn

Popcorn is a very simple box. It starts with a simple bypass of file upload restrictions to get user and uses a very interesting exploit to get root.

Summary: Find the http://10.10.10.6/torrent/ directory. Create an account and upload any torrent. Bypass the upload restriction while uploading your PHP shell as a screenshot. Find /home/george/.cache/motd.legal-displayed and exploit it to get …

[HackTheBox] Mirai

Mirai was a very fun box! It requires thinking outside the box and compiling all the information you have to guess some credentials. Completing the root part requires knowledge of how Linux handles external devices.

[HackTheBox] Blocky

Blocky teaches us not to reuse our credentials everywhere. It begins with a simple enumeration. Then we have to decompile some jars. Finally, it ends with the simplest and easiest Linux enumeration. Still fun!