Bimo99B9

Bimo99B9

Cybersecurity at EPFL and ETHZ.
CTFs player. Adversarial ML.

Posts by Year

2024

Back to Top ↑

2022

Back to Top ↑

2021

Seal - Hack The Box

This system is exploited, after some fuzzing, through a Tomcat manager with path traversal that makes the typical WAR shell a bit more difficult, and lateral movement is performed, as well as privilege escalation, through ansible misconfigurations.

Spider - Hack The Box

Spider is a complex machine with two SSTI vulnerabilities, and a really interesting method to get cookies with its private key. To escalate privileges we take advantage of the fact that we are allowed to enter input in an XML file, of which a parameter is displayed in a web service.

Dynstr - Hack The Box

Dynstr is a different box that works with dynamic dns and a really uncommon privilege escalation. It is not an OSCP style box, but it is also interesting because of how different it is. We can learn many things about DNS with this system.

Monitors - Hack The Box

Monitors is a hard machine that goes from apache, cacti, to wordpress servers. Privilege escalation involves lateral movement between users and escaping from a docker image, which makes this machine a long and difficult challenge, but very entertaining for somewhat experienced attackers.

Cap - Hack The Box

Cap is one of the easiest Linux machines available in the platform. It is the machine that I always recommend to my degree partners that want to start in HackTheBox, as it is very intuitive and the required tools are known for every person with IT knowledges, even if it is their first machine.

Pit - Hack The Box

Pit is a medium HackTheBox machine that targets SNMP exploitation and enumeration. It is enumerated with the public community, and an attack to SeedDMS gives us RCE to gain access to a CentOS control pannel. Some misconfigurations in a bash script which works with SNMP are used to escalate privileges and root this quite complex system.

Schooled - Hack The Box

The Schooled HackTheBox machine is a Medium FreeBSD system with a Moodle web content manager, very real-life applicable as many school and university systems are configured the same way as this one. From a simple school webpage, you go through student, teacher and manager accounts to finally root the system.

Knife - Hack The Box

The Knife machine of HackTheBox is an easy Linux machine very useful to understand basic concepts about enumeration, and how to stablish a simple reverse shell. It is also helpful to understand the escalation of privileges using GTFObins.

Love - Hack The Box

Love is a very easy Windows machine that can be easily solved if some basic concepts are clear. It contains a SSRF attack, which is not very common, and this machine is a very good example of how it works. Enumeration is also very important here, for both foothold and privilege escalation, this last one taking advantage of the AlwaysInstallElevated feature being turned on.

Academy - Hack The Box

Academy is a very complete Linux machine about the new HackTheBox Academy platform, which covers enumeration with directory lists, virtual hosting, Laravel exploitation, a lot of lateral movement and privilege escalation with composer.

Back to Top ↑

2020

Remote - Hack The Box

Remote is a Windows machine with the Umbraco web content manager, which is exploited through a mountable partition and cached credentials whose greatest vulnerability is an outdated version of Umbraco, what makes possible to exploit the machine.

Sauna - Hack The Box

Sauna is a very complete Windows machine, in which some of the most common tools are used to gain access and escalate privileges in the system. The enumeration requires making a list of possible usernames using the about page of the website. In the privilege escalation, the Pass-The-Hash technique is used to become administrator, which makes the machine interesting at the same time that it is easy and enjoyable to start with Windows pentesting.

Back to Top ↑