Hackthebox Control writeup image

Using X-Forwarded-For to bypass the WAF, then a product search option that leads to SQL injection. After uploading a shell and executing it to get an actual PowerShell shell, modifying the registry of the service to spawn a shell as admin.

Hackthebox Traverxec writeup image

Exploiting the vulnerable nostromo version to get an initial shell and finding the hidden directory, cracking the SSH private keys to get user, then running journalctl as root and exploiting journalctl to get a root shell.

Hackthebox Resolute writeup image

Running enum4linux against the machine, we got some usernames and a password. We found another user's credentials in a hidden directory, and that user is in the dnsadmin group, so we can modify the DNS entries to get root.

© 2021 Prashant Saini.