HackTheBox: Shocker - Shellshock Exploitation & Perl Sudo Privesc
Walkthrough of HackTheBox Shocker, exploiting the Shellshock vulnerability (CVE-2014-6271) in a CGI script and escalating to root via sudo perl.
HackTheBox Writeups
Detailed walkthroughs of HackTheBox machines. Enumeration, exploitation, and privilege escalation with a focus on techniques that transfer to real engagements.
HackTheBox: Optimum - HFS RCE & Kernel Exploit Privesc
Walkthrough of HackTheBox Optimum, exploiting HttpFileServer 2.3 RCE vulnerability and escalating to SYSTEM using MS16-098 kernel exploit.
HackTheBox: Forest - AS-REP Roasting & DCSync Attack
Walkthrough of HackTheBox Forest, exploiting Active Directory misconfigurations through AS-REP Roasting, Account Operators abuse, and DCSync attack to gain Domain Admin.
HackTheBox: Devel - FTP Upload to IIS & Kernel Exploit Privesc
Walkthrough of HackTheBox Devel, uploading a web shell via anonymous FTP to an IIS server and escalating to SYSTEM using MS11-046 kernel exploit.
HackTheBox: Bashed - Web Shell Discovery & Cron Privilege Escalation
Walkthrough of HackTheBox Bashed, finding an exposed phpbash web shell and escalating to root via a Python cron job.
HackTheBox: Blue - EternalBlue (MS17-010) Exploitation
Walkthrough of the HackTheBox Blue machine...