There is no excerpt because this is a protected post.
Protected: HTB – Escape writeup
Tag: htb
HTB – Stocker Writeup
Recon Nmap Directory listing The web app Exploit Auth Bypass PDF Injection The following is the request that was done to puchase an Axe A quick google search lead me here : https://www.triskelelabs.com/blog/extracting-your-aws-access-keys-through-a-pdf-file Maybe we can get info from the Database Let’s see if I can find any interesting files […]
HTB – Knife Writeup
Nmap reveals ssh on port 22 and a website on port 80. I found a nice exploit on GitHub that will provide a reverse shell. Let’s start a listener. Time for escalation. Enumeration didn’t take long 😉 This should be fairly easy! Done!!! Rooted!
HTB – Cap Writeup
Nmap reveals FTP, SSH and HTTP. I couldn’t log successfully on FTP so went to the website. The pcap had nothing really interesting. Going back to the website and looking at the URL http://10.10.10.245/data/1 I wondered what was at /data/0. It seems like an older report. I downloaded it. After […]
HTB – Antique Writeup
Nmap reveals telnet port which seems to be a remote management endpoint for JetDirect printer. Let’s try it! I’m gonna need to find the password for this… After a while I found this blog post showing how to exploit by “Getting a JetDirect password remotely using the SNMP vulnerability“. I’ll […]
HTB – Return Writeup
Nmap reveals a lot of ports on this machine. My attention is brought to the SMB server. There is not possible NTLM relay since signing is required but I’ll give it a look if there is anything interesting. Unfortunately no guest login available. Let’s check the website running on port […]
HTB – Horizontall Writeup
I made a video of this room. Unfortunately my mic was muted. So here is the writeup version… I couldn’t find anything interesting with dirseach. I decided to beautify the source code of the website and found something interesting A little bit research led me to this exploit. To access […]