Posts
0xPrashant
Cancel

Hackthebox Traceback writeup

This Box is currently in hackthbox active category , You can access the writeup only if you have the root flag of the machine.I cant reveal the box information due to hackthebox rules.Thanks

Hackthebox Oouch writeup

This is relatively an insane box , It revolves around the Oauth2 as feom which we get account linked to qtc (admin) using a SSRF and then a xss in which just gave we have to steal cookies of the user qtc and from that sesion id we logged into api and get the ssh-keys for user.There is a docker running and we can ssh into it.Exploiting the uwsgi to get shell as www-data and then exploiting dbus to get shell as root

Hackthebox Book writeup

This box is currently active,So in order to read its writeup you should have the root hash Goto the following url to access the Writeup http://0xprashant.github.io/private/root.txt

Hackthebox Sauna writeup

Got usernames from the about page , performing a asreproast attack using GetNPusers.py and then cracking the hash with john , after login running winpeas and found autologon creds of svc_loanmgr , and he can perform a dcsync attack

Hackthebox Nest writeup

This machine is currently active on hackthebox wait until it gets retired or if you have owned it then you need to get the Administrator NTLM hash or the root password hash from the file /etc/shadow file.And enjoy the writeup.

Hackthebox Json writeup

Json is a medium level machine and its a very interesting machine and straightforward.This machine taught me many new things and i liked the box very much.Thanks to Htb and the creator.

Hackthebox Control writeup

Using X-Forwarded-For to Bypass the Waf , A search product option which leads to a SQLI.After Uploading a shell and executing it to get a Actual powershell shell , And then modifying the Registry of the service to Spawn a shell as admin.

Hackthebox Traverxec writeup

Exploiting the vulnerable nostromo version for getting initial shell and finding the hidden dir, cracking the ssh private keys to get user and running journalctl as root and exploiting the journalctl to get root shell.

Hackthebox Resolute writeup

Running enum4linux against the machine , We got a some usernames and a password . Found another user's credentials in a hidden dir and the user is in the group of dnsadmin , So we can modify the dns enteries to get root.

© 2020 Prashant Saini. All rights reserved.