Posts

Writeup for HackTheBox Busqueda Machine Starting off with the nmap scan, we see that it has HTTP and SSH, as expected. PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.

Writeup for HackTheBox’s Inject machine. We have an upload functionality in the web app and it accepts PNG files, although there are some bypasses but they didn’t lead anywhere.

This machine was medium level windows which involves SQL Server interaction, then using Responder to capture the hash of the sqlsvc user and then enumerating files on the system, from there obtaining password for another user and in the end taking advantage of a vulnerable ADCS Template to gain Administrator access.

Writeup for HackTheBox’s Soccer. Starting off with the nmap scan: # Nmap 7.92 scan initiated Tue Apr 18 16:38:39 2023 as: nmap -sV -sC -A -Pn -p 22,80 -o nmap_ports -vv -Pn 10.

WriteUp for HackTheBox Bagel machine. Starting off with the nmap scan, we can it has 3 ports open (it missed one more port which was open due to some issue):

Writeup for HackTheBox’s Precious machine. # Nmap 7.92 scan initiated Wed Apr 19 09:13:16 2023 as: nmap -sV -sC -A -Pn -p 22,80 -o nmap_ports -vv -Pn 10.

I played this CTF event with the WeakButLeet team and in the end, we managed to get 18th rank, sadly we couldn’t do much crypto challenges but overall it was a fun CTF to get refreshed, there were other CTFs running as well but I only played this as there was a local CTF going on.