Blog

HTB – Monitors

Christopher Soehnlein2021-06-21T13:57:28-05:00May 25th, 2021|Categories: HTB, Technology|Tags: Cacti, CAP_SYS_MODULE, docker, HTB, Monitors, Pivot, Tomcat, WordPress|

Monitors is an Hard box from HTB and created by TheCyberGeek. This box features a WordPress plugin exploit via wp-with-spritz allowing for LFI/RFI and an internal docker with Apache Tomcat running.

HTB – Blackfield

Christopher Soehnlein2020-10-10T10:39:40-05:00October 3rd, 2020|Categories: HTB, Technology|Tags: Blackfield, CrackMapExec, Evil-WinRM, HTB, john, Seatbelt, SeBackupPrivilege, smbmap, Windows|

Today in Blackfield from HTB I explore a real-world example of a Windows Server when an account used for a specific task is not removed after.

HTB – Forge

Christopher Soehnlein2021-09-15T10:38:32-05:00September 14th, 2021|Categories: HTB, Technology|Tags: BurpSuite, GoBuster, LFI, Linux, Python Debugger, python3, rustscan, VHOST|

Forge by NoobHacker9999 features a directory traversal/LFI exploitable website and hidden vhost. Once on the box you use python debugger on a script for root.

HTB – Schooled

Christopher Soehnlein2021-09-10T10:52:50-05:00September 10th, 2021|Categories: HTB, Technology|Tags: CVE-2020-14321, FreeBSD, HTB, moodle, Schooled, sub-domain, XSS|

Schooled is an Medium box from HTB and created by TheCyberGeek. This box features a XSS exploit and priv esc via moodle and a malicious pkg for root.

PwnBox & Kali

Christopher Soehnlein2021-09-10T08:20:15-05:00September 7th, 2021|Categories: Technology|Tags: GitHub, HTB, i3, i3-gaps, Kali, PwnBox, theGuildHall, xct|

Using theGuildHall - pwnbox and xct - kali-clean to create a more personalized and optimized environment well still keeping that pwnbox look and feel.

HTB – Horizontall

Christopher Soehnlein2021-09-06T12:41:36-05:00September 1st, 2021|Categories: HTB, Technology|Tags: CVE-2021-3129, Exploit_50239, ffuf, GoBuster, Horizontall, HTB, rustscan, strapi, VHOST|

Horizontall features a hidden vhost with an exploitable strapi. Once on the box we exploit a vulnerable laravel using an SSH port forward.

HTB – Knife

Christopher Soehnlein2021-08-30T10:40:01-05:00August 27th, 2021|Categories: HTB, Technology|Tags: chef, HTB, Knife, PHP, ruby|

Knife is an Easy box from HTB and created by MrKN16H. This box features a PHP and chef based exploit.

HTB – Previse

Christopher Soehnlein2021-08-17T12:17:31-05:00August 17th, 2021|Categories: HTB, Technology|Tags: FeroxBuster, gzip, MySQL, PATH, POST, python_exec, tty_python|

Previse from HTB features an exploitable website with POST request registration and a unsanitized parameter. On the box you use PATH injection on a script to get root.

HTB – Writer

Christopher Soehnlein2021-08-17T10:28:53-05:00August 13th, 2021|Categories: HTB, Technology|Tags: APT, BypassLogin, Disclaimer, enum4linux, ffuf, GTFOBins, NMAP, PostFix, python3, SID_users, SMTP, SQL|

Writer from HTB features a website with a weak login and a code executable uploader. Once on the box we exploit postfix and apt allowing us to get root.

HTB – Love

Christopher Soehnlein2021-08-05T10:44:18-05:00August 5th, 2021|Categories: HTB, Technology|Tags: AlwaysInstallElevated, HTB, love, MSFVenom, SSL|

Love is an Easy box from HTB and created by pwnmeow. This box features subdomain lookups and AlwaysInstallElevated privesc.

HTB – TheNotebook

Christopher Soehnlein2021-07-30T10:27:34-05:00July 30th, 2021|Categories: HTB, Technology|Tags: CSRF, CVE-2019-5736, docker, HTB, JWT, TheNotebook, WSO|

TheNotebook is an Medium box from HTB and created by mostwanted002. This box features a CSRF exploit via JWT and a docker exploit.

HTB – BountyHunter

Christopher Soehnlein2021-07-30T10:18:25-05:00July 29th, 2021|Categories: HTB, Technology|Tags: BurpSuite, CyberChef, eval, LFI, Linux, python3, URLEncode, XML, XXE|

BountyHunter is an Easy box by ejedev. It has a poorly configured XML form vulnerable to an XXE/LFI which gives us creds. Next we exploit a script for root.