Hackthebox Forwardslash writeup image

Finding a new subdomain and a tricky lfi using php Wrapper and getting a users creds , Abusing a suid that is somehow linked to another file . Got user and analyzing a python script and getting password to mount images and got ssh-keys for root

Hackthebox Cascade writeup image

This Box is currently in hackthbox active category , You can access the writeup only if you have the Administrator user ntlm in md5 format. For More information Go to

Hackthebox Sniper writeup image

Identifying the RFI and exploiting it by executing our script using smb service and getting credentials of chris,Running command as chris and getting a Shell as chris.Best part of the machine to create a chm file and embeding our Command init , the boss will Execute the File on it own

Hackthebox Remote writeup image

Mounting the NFS and got a sfd file which contains a hash and cracking it with john and logged in to umbraco and after searching an exploit for it got a RCE and shell as user , abusing service uSoSvc got shell as administrator.

Hackthebox Traceback writeup image

This Box is currently in hackthbox active category , You can access the writeup only if you have the root flag of the machine.I cant reveal the box information due to hackthebox rules.Thanks

Hackthebox Oouch writeup image

This is relatively an insane box , It revolves around the Oauth2 as feom which we get account linked to qtc (admin) using a SSRF and then a xss in which just gave we have to steal cookies of the user qtc and from that sesion id we logged into api and get the ssh-keys for user.There is a docker running and we can ssh into it.Exploiting the uwsgi to get shell as www-data and then exploiting dbus to get shell as root

Hackthebox Book writeup image

This box is currently active,So in order to read its writeup you should have the root hash Goto the following url to access the Writeup

Hackthebox Sauna writeup image

Got usernames from the about page , performing a asreproast attack using and then cracking the hash with john , after login running winpeas and found autologon creds of svc_loanmgr , and he can perform a dcsync attack

Hackthebox Nest writeup image

This machine is currently active on hackthebox wait until it gets retired or if you have owned it then you need to get the Administrator NTLM hash or the root password hash from the file /etc/shadow file.And enjoy the writeup.

Hackthebox Json writeup image

Json is a medium level machine and its a very interesting machine and straightforward.This machine taught me many new things and i liked the box very much.Thanks to Htb and the creator.

© 2021 Prashant Saini.