Posts
0xPrashant

Hackthebox obscurity writeup

Fuzzing the hidden directory, then analyzing the Python script to execute a command and get an initial shell. After decrypting the key using superSecureCrypt.py we can get the password of user robert. robert can run Betterssh.py; I mentioned both unintended and two intended ways to get root.

Hackthebox Admirer writeup

Nmap results and Gobuster reveal a `robot.txt` file that disallows a directory called `admin-dir`. Running wfuzz against it, we get two files, `contacts.txt` and `credentials.txt`, which contain an FTP user and password. We get some files from the FTP server. We find another directory, `utility-scripts`, and fuzzing it we get another file, `adminer.php`, which is running the adminer-database on it. Connecting our `mysql` database with Adminer, we can write `adminer-db` data to our `data`, and so we get a `password` for user `waldo`. The user **waldo** can run a script as `root`. Privilege escalation is via `python library path hijacking`: running the script as root, we get a root `shell` by using a **netcat** bind `shell`.

Hackthebox Openadmin writeup

Exploiting the openadmin service we get an initial shell, and after getting the credentials of jimmy in db.php we log in using SSH. Enumerating on a local high port we are joanna, and privesc using nano is the journey of openadmin.

Hackthebox Quick writeup

This box is currently in the Hackthebox active category. You can access the writeup only if you have either the Administrator user NTLM or the root user password hash from the file /etc/shadow.

Hackthebox Magic writeup

This box is currently in the Hackthebox active category. You can access the writeup only if you have the Administrator user NTLM in MD5 format. For more information, go to http://0xprashant.github.io/pages/decryption-instruction

Hackthebox Servmon writeup

Anonymous access to FTP, where we find that an interesting file exists. Directory traversal on the nvms-1000 to grab it and log in as a regular user. Exploiting Nsclient, which is running on port 8443, to get root.

Hackthebox Forwardslash writeup

Finding a new subdomain and a tricky LFI using a PHP wrapper, and getting a user's creds. Abusing a SUID that is somehow linked to another file. Got user, then analyzing a Python script and getting a password to mount images, and got SSH keys for root.

Hackthebox Cascade writeup

This box is currently in the Hackthebox active category. You can access the writeup only if you have the Administrator user NTLM in MD5 format. For more information, go to http://0xprashant.github.io/pages/decryption-instruction

Hackthebox Sniper writeup

Identifying the RFI and exploiting it by executing our script using the SMB service and getting the credentials of chris. Running a command as chris and getting a shell as chris. The best part of the machine is creating a CHM file and embedding our command in it; the boss will execute the file on its own.

Hackthebox Remote writeup

Mounting the NFS and getting an sfd file which contains a hash, cracking it with john, and logging in to Umbraco. After searching for an exploit for it, got RCE and a shell as user; abusing the service uSoSvc got a shell as administrator.

© 2020 Prashant Saini. All rights reserved.