Hack The Box — Ready

Overview

First we find a web server running GitLab, which appears to be a version with an RCE vulnerability.

After gaining access to the machine, it turns out that we are in a Docker container. …


Hack The Box — Laboratory

https://app.hackthebox.eu/machines/298

Overview

Hello everyone! This machine consists of finding a subdomain (vhost) on the host to discover outdated software that has an RCE vulnerability, with which we can get a revshell.

Once inside the machine, we discover that we are in a Docker container but we…


Hack The Box — Time

https://app.hackthebox.eu/machines/286

Overview

This machine is about exploiting an online JSON parser that has an RCE vulnerability.

After gaining access to the machine, it is possible to escalate to root by modifying a script that is executed periodically.

Initial access

The port scan only shows SSH and a web server


Hack The Box — Passage

https://app.hackthebox.eu/machines/275

Overview

Initial access to the machine is achieved through an outdated CMS!

Later, it is possible to escalate to a regular user by studying the web files. Another horizontal escalation is achieved thanks to SSH.

We manage to escalate to root via USBCreator D-Bus!

Initial access

First and as always, a port…


Hack The Box — Academy!

Overview

This machine is about getting access to an admin panel on the web page by modifying the parameters when registering a user.
After this, another web page is discovered which shows a technology that contains a vulnerability allowing RCE.
With this, you can access the machine through a revshell.
Privilege escalation is…


An easy-level machine with multiple ways to escalate privileges.

https://tryhackme.com/room/colddboxeasy

Overview

This easy machine consists of finding out the password of a user on a web server that uses WordPress to gain access to the machine.

Once inside, it is possible to escalate to root by abusing the SUID bit.

Enumeration

First of all and as always, we do a port…


Hack The Box — Doctor

https://app.hackthebox.eu/machines/278

Overview

This machine consists of finding a vhost on the remote machine to gain access to a “forum” in which we find SSTI — Server Side Template Injection — and we manage to get a revshell.

Once inside the machine, we manage to escalate horizontally thanks to a review of the…


Exploit Ubuntu, like a Turtle in a Hurricane

https://tryhackme.com/room/0day

Overview

This room consists of exploiting 2 old vulnerabilities.

Initial access

The port scan shows nothing other than an SSH server and an Apache web server


Billy Joel made a Wordpress blog!

https://tryhackme.com/room/blog

Overview

Initial access is achieved by cracking the password of a WordPress user and exploiting a vulnerability in the CMS.

After this, it is possible to escalate to root through a command that has the SUID bit set.

Initial access

As always, we are going to do a port scan to see what we…


This room provides real-world pentesting challenges.

https://tryhackme.com/room/chillhack

Overview

We get initial access to the machine by finding a page which allows us to execute some commands, but they are filtered; we manage to launch a revshell through a bypass technique.

Once inside the machine, we manage to escape from the web server user thanks to a script that…

tocto

Computer Science student. Capture the flag player.
