Writeup | SHAFIQAIMAN

2022

HacktheBox - Late Writeup

Late is an easy Hack The Box Linux machine with a Server Side Template Injection (SSTI) vulnerability in a text reader app, leading to Remote Code Execution as user svc_acc. Enumeration reveals a root-owned script triggered on SSH login/logout. Although the script can’t be edited, data can be appended, allowing a reverse shell to be added for root access.

S SH∆FIQ∆IM∆N
July 30, 2022
1 min read

linpeas ssti pspy
HackTheBox - Paper Writeup

Paper is an easy Hack The Box Linux machine running Apache on ports 80 and 443. A hidden virtual host reveals a vulnerable WordPress blog susceptible to [CVE-2019-17671], allowing access to sensitive draft content. A discovered link leads to a Rocket.Chat instance, where bot interaction leaks system credentials. SSH access is obtained, and privilege escalation is achieved by exploiting a vulnerable version of sudo via [CVE-2021-3560], resulting in root access.

S SH∆FIQ∆IM∆N
June 19, 2022
1 min read

CVE-2019-17671 CVE-2021-3560 polkit linpeas gobuster wordpress hubot
HackTheBox - Optimum Writeup

Optimum is a beginner-level machine on Hack The Box that emphasizes service enumeration and exploitation. It features easy-to-exploit vulnerabilities with available Metasploit modules, making the machine straightforward to complete.

S SH∆FIQ∆IM∆N
June 17, 2022
1 min read

CVE-2014-6287 CVE-2016-0099 MS16-032 rce reverse-powershell httpfileserver HFS empire-project windows-sysnative powershell-arc
HackTheBox - Jerry Writeup

Jerry is an easy Windows machine focused on exploiting Apache Tomcat, allowing attackers to gain a NT AUTHORITY\SYSTEM shell and fully compromise the system.

S SH∆FIQ∆IM∆N
June 4, 2022
1 min read

msfvenom jsp-reverse-shell jsp-webshell war-file apache-tomcat
HackTheBox - Netmon Writeup

Netmon is an easy Windows machine on Hack The Box featuring simple enumeration and exploitation. It runs PRTG Network Monitor alongside an FTP server with anonymous access, allowing retrieval of PRTG config files. A known RCE vulnerability in the PRTG version is exploited to gain a SYSTEM-level shell.

S SH∆FIQ∆IM∆N
May 28, 2022
1 min read

CVE-2018-9276 evil-winrm PRTG-netmon ftp paessler rce PRTG-netmon-default-creds
HackTheBox - Responder Writeup

Responder is a free starting-point machine. This machine teaches us how to use the responder utility to steal the password hash and crack it with hashcat. On top of that, this machine is also vulnerable to local file inclusion. Which we can exploit through log poisoning to gain remote code execution and get the reverse shell.

S SH∆FIQ∆IM∆N
April 9, 2022
1 min read

lfi rce log-poisoning responder.py NTLMv2 hashcat reverse-powershell php-webshell evil-winrm steal-NTLMv2
HackTheBox - Return Writeup

Return is an easy Windows machine on Hack The Box that involves exploiting a network printer admin panel to extract LDAP credentials via a malicious LDAP server. These credentials are then used to gain access through WinRM. Privilege escalation is achieved by abusing group membership, leading to full system compromise.

S SH∆FIQ∆IM∆N
April 2, 2022
1 min read

server-operators-group printer sc.exe evil-winrm
HackTheBox - Bashed Writeup

Bashed is an easy Hack The Box (HTB) Linux machine focused on web fuzzing and file enumeration. Initial access is gained through a vulnerable web shell, and privilege escalation involves analyzing scheduled tasks with restricted crontab access.

S SH∆FIQ∆IM∆N
March 1, 2022
1 min read

python-shell gobuster crontab upgrade-shell-python phpbash-webshell
HackTheBox - Unified Writeup

Unified is the new starting point machine that HacktheBox released. This machine heavily focus on new vulnerabilities that had been discussed all across the world. This vulnerability is from the java logging library, Log4J (CVE-2021-44228). How we can exploit the Unifi application, especially version 6.4.54 with using the Rogue-JNDI application. Which is a malicious server that allows us to receive the connection and do some nasty injections.

S SH∆FIQ∆IM∆N
February 19, 2022
1 min read

CVE-2021-44228 unifi-6.4.54 log4j tcpdump rogue-jndi mongodb-checking-is-running mongodb mongodb-dump mongodb-update generate-sha512-hash upgrade-shell-using-script
HackTheBox - Beep Writeup

Beep is an easy Hack The Box (HTB) Linux machine with numerous exposed services, making initial enumeration challenging. Despite the noise, multiple clear exploitation paths exist for gaining access and escalating privileges.

S SH∆FIQ∆IM∆N
January 21, 2022
1 min read

lfi rce ssh gobuster svwar/sipvicious GTFOBins python SUID elastix freepbx