Open in app

Sign In

Write

Sign In

y4th0ts
y4th0ts

22 Followers

Home

About

Apr 3, 2021

Time — HackTheBox

Summary Time is a medium-rated Linux machine created by egotisticalSW & felamos. Initial foothold is discovered by accessing a JSON beautifier and validator running on port 80. Server Side Request Forgery can be abused to perform code execution and gain user access. …

Penetration Testing

4 min read

Time — HackTheBox
Time — HackTheBox
Penetration Testing

4 min read


Mar 6, 2021

Passage — HackTheBox

Summary Passage is a medium-rated Linux machine created by ChefByzen. Initial foothold is gained by exploiting a vulnerable version of CuteNews PHP. User compromise is performed by finding encoded files and decrypting a SHA256 password. Movement to another user was done by simply authenticating through SSH in localhost. …

Hacking

4 min read

Passage — HackTheBox
Passage — HackTheBox
Hacking

4 min read


Feb 6, 2021

Doctor — HackTheBox

Summary Doctor is an easy Linux box created by egotisticalSW. Initial foothold is discovered by fuzzing the ‘New Message’ form in the Doctor Secure Messaging page. A reverse shell can be spawned by performing Server Side Template Injection. Lateral movement to user ‘shaun’ is done by finding his password in a…

Hackthebox

4 min read

Doctor — HackTheBox
Doctor — HackTheBox
Hackthebox

4 min read


Dec 12, 2020

OpenKeyS — HackTheBox

Summary OpenKeyS is a medium-rated OpenBSD machine created by polarbearer & GibParadox. Initial foothold can be obtained by discovering a authentication bypass on the HTTP service. User access is gained by adding a username cookie for a discovered user, ‘jennifer’ along with the exploitation of the authentication bypass to snatch an…

Hackthebox

4 min read

OpenKeyS — HackTheBox
OpenKeyS — HackTheBox
Hackthebox

4 min read


Dec 5, 2020

Unbalanced — HackTheBox

Summary Unbalanced is a hard-rated Windows machine created by polarbearer & GibParadox. Initial foothold is discovered by downloading encrypted configuration files from the RSync service running on port 873. Hostnames are found on the squid configuration file after decrypting the files with EncFS. Boolean-based SQL Injection is performed to gather user…

Penetration Testing

8 min read

Unbalanced — HackTheBox
Unbalanced — HackTheBox
Penetration Testing

8 min read


Nov 28, 2020

SneakyMailer — HackTheBox

Summary SneakyMailer is a medium-rated Linux machine created by sulcud. Initial foothold is discovered by performing a social engineering attack to get a user hand over his credentials for the Internet Message Access Protocol(IMAP) service. Access to the FTP server is gained after finding credentials in one of the email in…

Hackthebox

6 min read

SneakyMailer — HackTheBox
SneakyMailer — HackTheBox
Hackthebox

6 min read


Nov 21, 2020

Buff — HackTheBox

Summary Buff is an easy-rated windows machine created by egotisticalSW. User access is gained by exploiting a Remote Code Execution(RCE) vulnerability on Gym Management Software 1.0. Administrative privileges were obtained by exploiting a buffer overflow vulnerability on CloudMe 1.11.2. Reconnaissance Nmap scan only shows port 8080 (http) open.

Hackthebox

3 min read

Buff — HackTheBox
Buff — HackTheBox
Hackthebox

3 min read


Nov 7, 2020

Tabby — HackTheBox

Summary Tabby is an easy-rated Linux machine created by egre55. Initial foothold is obtained by discovering tomcat credentials with the help of Local File Inclusion. Access as tomcat is granted after deploying a WAR file which contains a reverse shell payload to the tomcat manager text interface. …

Hackthebox

5 min read

Tabby — HackTheBox
Tabby — HackTheBox
Hackthebox

5 min read


Oct 31, 2020

Fuse — HackTheBox

Summary Fuse is a medium-rated windows machine created by egre55. Initial foothold is gained by discovering an expired password that can be changed in order to get access to SMB shares and RPCClient. A user shell is obtained by enumerating the printer in RPCClient and determine a password used by one…

Windows

6 min read

Fuse — HackTheBox
Fuse — HackTheBox
Windows

6 min read


Sep 26, 2020

Admirer — HackTheBox

Summary Admirer is an easy-rated linux machine created by polarbearer and GibParadox. Initial foothold focuses on discovering ftp credentials on the web server that leads to discovery of files. User access is gained after finding credentials by exploiting a vulnerability in adminer database. …

Hackthebox

5 min read

Admirer — HackTheBox
Admirer — HackTheBox
Hackthebox

5 min read

y4th0ts

y4th0ts

22 Followers

InfoSec n00b who aims to get better everyday.

Following
  • sif0

    sif0

  • ar33zy

    ar33zy

  • Mok

    Mok

  • befall

    befall

See all (10)

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech

Teams