Writeup of 20 points Hack The Box machine - FriendZone. That box was full of rabbitholes :). I won't deny it - I fell for some of them! User flag is accessible due to trivial, yet required some guessing, PHP bug. But only after DNS zone transfer.Root flag was pretty straightforward - required editing python native library. Detailed writeup is available.

Continue reading

Writeup of 30 points Hack The Box machine - Chaos. Fun box with several cunning rabbit holes. Access to user flag require brute-forcing (guessing) simple password and then executing commands via pdfTex. Path to root flag is cleverly hidden in Mozilla Firefox Password Manager. Detailed writeup is available.

Continue reading

Writeup of 20 points Hack The Box machine - Netmon. The easiest (so far) in the Hack The Box platform. User flag is available via FTP (anonymous access!). Root flag can be read after leveraging PRTG feature (custom actions with notifications) allowing to execute commands. Detailed writeup is available.

Continue reading

Writeup of 30 points Hack The Box machine - Lightweight. User flag is obtainable after leveraging misconfigured OpenLDAP (plaintext authentication). Root flag is accessible after leveraging another misconfiguration - wrongly set capabilities for openssl binary. Detailed writeup is available.

Continue reading