Down

There is a simple code review and a tricky use of curl, kind of interesting.

2025-10-04 07:45 11.0 KB 8 images HTB Easy

BabyTwo

Overall, it's a very basic AD machine. The only unexpected thing is checking whether the user's password is the same as the username, which is definitely not something I would consider when attacking ...

2025-10-04 07:45 29.1 KB 4 images HTB Medium

Imagery

In general, for the foothold exploitation part, the initial upload vulnerability turned out to be a rabbit hole, and the XSS vulnerability used was also expected.

2025-10-04 07:45 18.8 KB 11 images HTB Medium

Race

Overall, the use of the foothold is very interesting, especially the use of the forgotten password link is really unexpected. Without a certain reading of the code, it is difficult to guess that the e...

2025-10-04 07:45 25.1 KB 16 images HTB Hard

Shibuya

This AD domain machine is incredibly useful, especially for lateral movement. Using RemotePotato0 to perform Cross Session Relay is a classic example. This type of abuse is always effective, especiall...

2025-10-04 07:45 45.3 KB 4 images HTB Hard

Delegate

It is a very standard AD domain machine. The overall difficulty is not high, and it is not difficult to confirm the vulnerability, especially for the privilege escalation part. The technique of abusin...

2025-09-28 06:17 30.3 KB 1 images HTB Medium

Media

The only thing I find odd and annoying about this machine is that the reverse shell code I use won't work anyway, forcing me to resort to using the msfvenom exe payload.

2025-09-28 06:17 28.0 KB 6 images HTB Medium

Baby

A very basic AD domain machine; exploiting SeBackupPrivilege for privilege escalation is also very common.

2025-09-22 14:14 29.3 KB HTB Easy

Forgotten

Very simple and typical LimeSurvey exploit path, and the root path is simple and easy to find.

2025-09-22 14:14 15.7 KB 12 images HTB Easy

HackNet

Overall, this machine is quite interesting. The exploits for the SSTI and XSS vulnerabilities are quite clever, but the lack of hardcode is particularly disturbing.

2025-09-22 14:14 23.6 KB 17 images HTB Medium