Summary This is a box that focuses on reversing a lot of files from a previous attacker who has been so kind as to leave his backdoors in place for us. Let’s take a look! Foothold We start out by d...
Pinned writeup
Description This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you ...
APKrypt writeup
Description Can you get the ticket without the VIP code? Writeup We receive an APK file, which we can then decompile via codium and the APKLab extension. The MainActivity.java file is seen below: ...
Spectra writeup
Summary This was an easy box that focused on enumerating a WordPress site, getting access as admin and then installing a malicious PHP plugin that gave a reverse shell. Once in on the box, a passwo...
Shibboleth writeup
Summary This box focused on enumerating a UDP port hosting an IPMI service for a hash which, when cracked, could be leveraged to log in to a Zabbix service. Rooting the box was relatively str...
Secret writeup
Summary This box focused on exploiting an API via command injection after first forging a valid admin JWT. Once a foothold had been established, we could read the root SSH key via a SUID binary bef...
Sense writeup
Summary This box focuses on exploiting a pfSense instance, first through weak credentials and then via RCE through the /status_rrd_graph_img.php? endpoint. Foothold and root We start out by doing an nmap po...
Seal writeup
Summary This box focused on bypassing authentication on a Tomcat application, as well as Git enumeration. We then pivot from the tomcat user after having successfully uploaded a malicious .war file...
Scriptkiddie writeup
Summary This box is centered around command injection in a bash script, an exploit in msfvenom, and abusing Metasploit to get a root shell. Let’s take a look. Foothold We start out by doin...
Shocker writeup
Summary A straightforward box showcasing the Shellshock vulnerability with a simple root step. Enjoy! Foothold We start out by doing an nmap port scan: ┌──(bitis㉿workstation)-[~/htb/Machines/Shock...