Drive - Hack The Box
The Drive machine is a hard Linux system that needs reverse engineering, and performing a SQL injection on a binary.
Recent Posts
Drive - Hack The Box
Serverless Apache Airflow with AWS MWAA
Optimizing ETL processes using a serverless architecture with Apache Airflow on AWS MWAA, achieving significant cost savings and efficiency.
Volatility
Análisis forense de un volcado de memoria volátil (RAM) utilizando Volatility
AgaporniOS
Configuración y personalización de un entorno Linux orientado a pruebas de penetración y seguridad ofensiva
Seal - Hack The Box
This system is exploited, after some fuzzing, through a Tomcat manager with path traversal that makes the typical WAR shell a bit more difficult, and lateral movement is performed, as well as privilege escalation, through ansible misconfigurations.
Spider - Hack The Box
Spider is a complex machine with two SSTI vulnerabilities, and a really interesting method to get cookies with its private key. To escalate privileges we take advantage of the fact that we are allowed to enter input in an XML file, of which a parameter is displayed in a web service.
Dynstr - Hack The Box
Dynstr is a different box that works with dynamic dns and a really uncommon privilege escalation. It is not an OSCP style box, but it is also interesting because of how different it is. We can learn many things about DNS with this system.
Monitors - Hack The Box
Monitors is a hard machine that goes from apache, cacti, to wordpress servers. Privilege escalation involves lateral movement between users and escaping from a docker image, which makes this machine a long and difficult challenge, but very entertaining for somewhat experienced attackers.
Cap - Hack The Box
Cap is one of the easiest Linux machines available in the platform. It is the machine that I always recommend to my degree partners that want to start in HackTheBox, as it is very intuitive and the required tools are known for every person with IT knowledges, even if it is their first machine.
Pit - Hack The Box
Pit is a medium HackTheBox machine that targets SNMP exploitation and enumeration. It is enumerated with the public community, and an attack to SeedDMS gives us RCE to gain access to a CentOS control pannel. Some misconfigurations in a bash script which works with SNMP are used to escalate privileges and root this quite complex system.