Writeup for HackTheBox’s Inject machine.
We have an upload function in the web app that accepts PNG files; there are some bypasses, but they didn’t lead anywhere.
This machine was a medium-level Windows box which involves SQL Server interaction, then using Responder to capture the hash of the sqlsvc user, then enumerating files on the system, from there obtaining the password for another user, and in the end taking advantage of a vulnerable ADCS template to gain Administrator access.
WriteUp for HackTheBox Bagel machine.
Starting off with the nmap scan, we can see it has 3 ports open (it missed one more port which was open, due to some issue):
I played this CTF event with the WeakButLeet team and in the end we managed to get 18th rank. Sadly we couldn’t do many crypto challenges, but overall it was a fun CTF to get refreshed. There were other CTFs running as well, but I only played this one as there was a local CTF going on.
This challenge on HackTheBox was released recently; the archive attachment contains the following files:
toxin: the binary, ld-2.27.so and the libc-2.27 file. The given libc files hinted that the binary runs on Ubuntu 18.