HTB – Keeper
Keeper from HTB features RT running with default creds. Once on the box we use CVE-2023-32784 and puttygen for root.
HTB – MonitorsTwo
MonitorsTwo from HTB features a vulnerable cacti docker. Once on the box we use user_auth table and CVE-2021-41091 for root.
HTB – Busqueda
Busqueda from HTB features a vulnerable Searchor web app. On the box we use git, gitea, password reuse and running scripts for root.
HTB – Pilgrimage
Pilgrimage from HTB features a .git directory showing a vulnerability with ImageMagick allowing file read. On the box we exploit binwalk for root.
HTB – Trick
Trick from HTB features a hidden sub-domain vulnerable to LFI which gets us the SSH key to user. For root we enumerate the database and use fail2ban.
HTB – StreamIO
StreamIO from HTB features a website with an exploitable login and parameter. Once on the box we use BloodHound alongside the Firefox profile creds for root.
HTB – Talkative
Talkative HTB has an outdated Jamovi with an R code exploit. On the box you pivot to the 172 range, get creds on MongoDB and a web-hook on Rocketchat for root.
HTB – Paper
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.
HTB – Meta
Paper from HTB features an outdated WordPress environment and hidden sub-domain. On the box you use PolKit exploit CVE-2021-3560 made by the author for root.
HTB – Pandora
Pandora from HTB features Port 161 running UDP which shows a password. Next you use CVE-2021-32099, a php web-shell and pandora_backup for root.
HTB – Search
Search from HTB features a website with credential leakage via a image and a domain controller you exploit to escalate. Finally we use GenericAll for root.
HTB – Devzat
Devzat from HTB features a sub-domain with command injection. On the box you find an exploitable InfluxDB running and a dev chat with a file command for root.