Hack The Box Writeups
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.
Below you will find my personal writeups of the various boxes that can be found on hackthebox.eu, ranked by difficulty.
Personal Cherrytree Pentesting Notes
Ech0
Hack The Box - Easy Boxes
Template Page
- | CVE-2007-2447, vsftpd 2.3.4
- | CVE-2008-4245, ms08_067_netapi
- | Anonymous FTP, ms10_015_kitrap0d
- | Elastix, Webmin, vtiger
- | HttpFileServer 2.3, rejetto, 41020
- | ColdFusion 8, JRun Web Server
- | IIS 6.0, webdav
- | IIS 6.0, webdav
- | DNS, reverse php shell, root binary
- | Wordpress, jar
- | MS17-010, EternalBlue, Win7 SP1
- | PiHole
- | ShellShock, 34900
- | FreeBSD, pfSense
- | PHPBash, kernel 4.4, 44298
- | NibbleBlog 4.0.3
- | HeartBleed
- | Solaris, SunOS, fingerd, unshadow, john
- | IIS 7.5, transfer.aspx
- | Tomcat, tomcat_mgr_login, mgr_upload
- | SMB, Kerberoast, gpp encrypt
- | ftp, telnet, pst, mbox, readpst, runas
- | Brainfuck, nginx, ROP exploit
- | Joomla, reverse php
- | UnrealIRCd
- | Moodle, MariaDB, hashes
- | HelpdeskZ, reverse php, 44298
- | smb, ssl certs, dns
- | ftp, prtg network monitor
- | ssl certs, cron
- | smb, share mounting, vhd, mRemoteNG
- | Magento, lfi, reverse php
- | CMS made Simple, 46635, reverse py
- | Elasticsearch, json, kibana
- | ROP, ghidra, gef, keepass hashes
- | Cisco pass, smb, sysinternals
- | Reverse php gif, cmd execution
Hack The Box - Medium Boxes
- | Torrent Hoster
- | Drupal 7
- | Wordpress
- | php laravel, sql injection
- | OctoberCMS
- | cookie authentication padding abuse
- | udp snmp ipv6
- | php rce, GNU screen 4.50
- | europacorp v0.2b, sqlmap, RCE
- | phpLiteAdmin v1.9, hydra port knocking
- | wordpress, wordlists
- | james smtpd, james pop3d
- | myplace nodejs api, mongodb, binexp
- | php sql inj, joomla, wp, binexp
- | askjeeves, kdbx, rdesktop
- | dompdf, webdav, pivot
- | Fuzzing
- | AChat, Win7
- | xml-content XXE, wordpress
- | server monitor, simple chat User-Agent
- | OGNL RCE, mysql, python lib hijacking
- | Node.js concatenating deserialization
- | Oracle DB RCE
- | FreeBSD, php LFI
- | cPickle, couchDB, pip
- | xdebug 2.5.5, airgeddon, knock, docker
- | Wordpress, gwolle-gb, tar
- | XXE, github repository enumeration
- | aes-256-cbc, ssh tunnel, H2 database
- | Evasive LFI, Container, cap_dac_read_search
- | XSRF, SQLi, nc.exe, smb, IIS
- | SQLi, xp_dirtree, Ubiquiti UniFi-Video
- | FreeBSD, ldap, smb, putty, ssh certificates
- | Lyghtspeed, Quagga v0.99, BGP routes MITM
- | SOCKS5 Port Forwarding, double pivoting, gpg
- | SQLi, PHPSESSID, cmd injection, psql, sudo gid
- | LDAP, getcap, tcpdump, binary capabilities
- | WebMin, roundcube, ajax.php, LaTeX, firefox
- | smb, excel macros, mssql, xp_dirtree, winRM
- | smb, LUKS, javax.ViewState, powershell privesc
- | 2nd order blind SQL injection, luks initrd.img
- | Bootstrap4, JWT, Ajenti, FreeBSD amd64
- | SQL Injection, python privesc, systemctl SUID
- | Gogs, REST api, docker, mysql sqlAlchemy
- | Gitlab, hardcoded creds in js, sudo git pull
- | Centreon, uncompyle, linpeas, GNU Screen 4.5.0
- | lazy to finish that one lol
- | lazy to finish that one lol
Hack The Box - Hard Boxes
- | PHP Injection, wav file, alpine privesc
- | SQL Injection, SuperCMS, SUID 4000
- | IIS7, Orchard, DBeaver, MSSQL Server, psexec
- | Apache Tomcat, NTDS, disk group, lxc
- | linux char limit, video+disks group, linpeas
- | manual psexec, MOF, nc.exe, ADS, streams.exe
The Concept
The goal is to capture both the User and the Root flags by gaining unauthorized access to the machines on HTB's private network. To get the flags, one has to employ various sets of pentesting skills, from finding common vulnerabilities in the easier boxes to crafting custom exploits for the harder boxes.