Posts tagged with

rce

HackTheBox - Precious Writeup

Precious is an easy Hack The Box Linux machine focused on Ruby exploitation. It features a vulnerable Ruby web app using pdfkit (CVE-2022-25765) that enables RCE. Plaintext credentials in a Gem config file allow lateral movement. The final privilege escalation uses insecure Ruby deserialization for root access.

S SH∆FIQ∆IM∆N
April 6, 2025
1 min read

pdfkit pdfkit-v0.8.6 CVE-2022-25765 tcpdump ruby-yaml rce
HackTheBox - Chemistry Writeup

Chemistry is an easy Hack The Box Linux machine highlighting RCE in the pymatgen library (CVE-2024-23346) via a malicious CIF file upload. Cracked credentials allow SSH access as rosa. Privilege escalation is achieved by exploiting a path traversal in AioHTTP (CVE-2024-23334) for arbitrary file read, revealing the root flag.

S SH∆FIQ∆IM∆N
March 9, 2025
1 min read

ssh-port-forward sqlite-dump CVE-2024-23346 CVE-2024-23334 aiohttp-3.9.1 crackstation lfi rce cif-file
HackTheBox - Surveillance Writeup

Surveillance is a medium-difficulty Linux machine featuring Craft CMS [CVE-2023-41892] PHP object injection for initial access. Privilege escalation involves authenticated RCE in ZoneMinder and a sudo misconfiguration using LD_PRELOAD, leading to root access.

S SH∆FIQ∆IM∆N
February 2, 2025
1 min read

CVE-2023-41892 CVE-2023-26035 gobuster craftcms rce mysql crackstation linpeas chisel zoneminder dpkg check-installed
HackTheBox - MonitorsTwo Writeup

MonitorsTwo is an easy Hack The Box Linux machine featuring pre-auth RCE via a malicious X-Forwarded-For header, leading to a Docker container shell. A misconfigured SUID capsh binary grants root in the container. Cracked MySQL credentials allow SSH access to the host. Privilege escalation is achieved by exploiting Docker CVE-2021-41091 to access container-mounted files and reuse a SUID Bash binary.

S SH∆FIQ∆IM∆N
September 3, 2023
1 min read

CVE-2022-46169 CVE-2021-41091 upgrade-shell-using-script rce GTFOBins capsh mysql john docker
HackTheBox - Busqueda Writeup

Busqueda is an easy Hack The Box Linux machine involving command injection in a Python module for initial access. Credentials found in a Git config file provide access to a local Gitea instance. A system checkup script with root permissions exposes Docker container credentials for the Gitea admin. Abusing a relative path vulnerability in the script leads to root RCE and full privilege escalation.

S SH∆FIQ∆IM∆N
July 8, 2023
1 min read

python mysql gitea rce searchor 2.4.0 docker docker-inspect
HackTheBox - Sense Writeup

Sense is an easy Hack The Box Linux machine featuring a vulnerable pfSense firewall. Although a public PoC exploit exists, it is unreliable. A more stable approach using the same pfSense vulnerability is required to gain remote access. Once exploited, it provides a straightforward path to root.

S SH∆FIQ∆IM∆N
November 13, 2022
1 min read

CVE-2014-4688 pfsense-default-creds pfsense gobuster python rce
HackTheBox - Shocker Writeup

Shocker is a simple Hack The Box machine that highlights the critical impact of the Shellshock vulnerability, which once affected millions of public-facing servers worldwide.

S SH∆FIQ∆IM∆N
November 5, 2022
1 min read

CVE-2014-6271 gobuster shellshock GTFOBins rce python cgi-bin
HackTheBox - Arctic Writeup

Arctic is an easy Hack The Box Windows machine featuring a vulnerable Adobe ColdFusion server. Initial access is gained via an unauthenticated file upload exploit. After obtaining a reverse shell, privilege escalation is achieved using the MS10-059 vulnerability, resulting in full system compromise.

S SH∆FIQ∆IM∆N
October 8, 2022
1 min read

CVE-2009-2265 juicy-potato seImpersonatePrivilege coldfusion rce smbserver.py upload-vuln lfi jsp-reverse-shell msfvenom
HackTheBox - Validation Writeup

S SH∆FIQ∆IM∆N
August 26, 2022
1 min read

sqli sql-union sql-to-rce php-webshell gobuster rce upgrade-shell-using-script
HackTheBox - Optimum Writeup

Optimum is a beginner-level machine on Hack The Box that emphasizes service enumeration and exploitation. It features easy-to-exploit vulnerabilities with available Metasploit modules, making the machine straightforward to complete.

S SH∆FIQ∆IM∆N
June 17, 2022
1 min read

CVE-2014-6287 CVE-2016-0099 MS16-032 rce reverse-powershell httpfileserver HFS empire-project windows-sysnative powershell-arc
HackTheBox - Netmon Writeup

Netmon is an easy Windows machine on Hack The Box featuring simple enumeration and exploitation. It runs PRTG Network Monitor alongside an FTP server with anonymous access, allowing retrieval of PRTG config files. A known RCE vulnerability in the PRTG version is exploited to gain a SYSTEM-level shell.

S SH∆FIQ∆IM∆N
May 28, 2022
1 min read

CVE-2018-9276 evil-winrm PRTG-netmon ftp paessler rce PRTG-netmon-default-creds
HackTheBox - Responder Writeup

Responder is a free starting-point machine. This machine teaches us how to use the responder utility to steal the password hash and crack it with hashcat. On top of that, this machine is also vulnerable to local file inclusion. Which we can exploit through log poisoning to gain remote code execution and get the reverse shell.

S SH∆FIQ∆IM∆N
April 9, 2022
1 min read

lfi rce log-poisoning responder.py NTLMv2 hashcat reverse-powershell php-webshell evil-winrm steal-NTLMv2
HackTheBox - Beep Writeup

Beep is an easy Hack The Box (HTB) Linux machine with numerous exposed services, making initial enumeration challenging. Despite the noise, multiple clear exploitation paths exist for gaining access and escalating privileges.

S SH∆FIQ∆IM∆N
January 21, 2022
1 min read

lfi rce ssh gobuster svwar/sipvicious GTFOBins python SUID elastix freepbx
HackTheBox - Knife Writeup

Knife is an easy Hack The Box Linux machine running a backdoored version of PHP, which is exploited to gain a foothold via remote code execution. Post-exploitation enumeration reveals a sudo misconfiguration that allows privilege escalation to root without a password, resulting in full system compromise.

S SH∆FIQ∆IM∆N
January 15, 2022
1 min read

GTFOBins rce gobuster PHP/8.1.0-dev php-backdoor
HackTheBox - Vaccine Writeup

Starting Point Machine

S SH∆FIQ∆IM∆N
July 21, 2021
1 min read

sqlmap sql-union sqli GTFOBins ftp rce zip2john john crackstation python PostgreSQL