HTB Writeup: Zipper

Posted on Thu 21 February 2019 in Writeups • Tagged with hack-the-box, writeup, walkthrough

Writeup of 40 points Hack The Box machine - Zipper. It is an interesting Linux machine with Docker containers inside. In order to read user flag, Zabbix API is put to use. Root flag is obtainable after exploiting usage of relative paths in SUID binary. Detailed writeup will be available soon.

zipper OS Linux
Author burmat
Difficulty Hard
Points 40
Released 20-10-2018
IP 10.10.10.108


Continue reading

HTB Writeup: Help

Posted on Tue 19 February 2019 in Writeups • Tagged with hack-the-box, writeup, walkthrough

Writeup of 20 points Hack The Box machine - Help. It is a simple Linux box. User flag could be read by exploiting HelpDeskZ software. Root access is obtainable with usage of an exploit (CVE-2017-16995) against outdated kernel. Detailed writeup is available.

help OS Linux
Author cymtrick
Difficulty Easy
Points 20
Released 19-01-2019
IP 10.10.10.121


Continue reading

HTB Writeup: Giddy

Posted on Sun 17 February 2019 in Writeups • Tagged with hack-the-box, writeup, walkthrough

Writeup of 30 points Hack The Box machine - Giddy. It is a Windows machine. User flag is obtainable after exploiting SQLi vulnerability. Root flag is to get with usage of CVE-2016-6914 and simple AV evasion. Detailed writeup is available.

giddy OS Windows
Author lkys37en
Difficulty Medium
Points 30
Released 08-09-2018
IP 10.10.10.104


Continue reading

HTB Writeup: Ypuffy

Posted on Mon 11 February 2019 in Writeups • Tagged with hack-the-box, writeup, walkthrough

Writeup of 30 points Hack The Box machine - Ypuffy. We are dealing here with refreshing OpenBSD. User flag is obtainable after exploiting LDAP misconfiguration. Root flag is achievable after leveraging doas misconfiguration. Detailed writeup is available.

netmon OS OpenBSD
Author AuxSarge
Difficulty Medium
Points 30
Released 15-09-2018
IP 10.10.10.107


Continue reading