Sau is an "easy" box from Hack The Box that requires chaining together multiple vulnerabilities to gain access. Enumeration I ran a full port scan and found port 55555 open, and ports 80 and 8338 filtered. Port 55555 was running an app called Request Baskets, version 1.2.1. I used SearchSploit to find an exploit. searchsploit … Continue reading Hack The Box: Sau write-up
Tag: oscp
Proving Grounds: Nibbles write-up
Nibbles is a very straightforward box on Proving Grounds. It is in the "Get To Work" category because it requires two steps to root, however it really is simple enough to be part of the "Warm Up" category and is a great box for beginners looking to practice privilege escalation. Enumeration I started with AutoRecon … Continue reading Proving Grounds: Nibbles write-up
Proving Grounds: Fail write-up
Fail is an intermediate box from Proving Grounds, the first box in the "Get To Work" category that I am doing a write-up on. Despite being an intermediate box it was relatively easy to exploit due with the help of a couple of online resources. Getting root access to the box requires exploitation of rsync … Continue reading Proving Grounds: Fail write-up
Proving Grounds: Algernon write-up
Algernon is an easy box from Proving Grounds that requires only a one step exploit to root with a pre-compiled script. Enumeration An nmap scan reveals 7 ports open. nmap output Port 9998 Browsing to port 9998 in a browser reveals a landing page with a login form for a system called "SmarterMail". SmarterMail on … Continue reading Proving Grounds: Algernon write-up
Proving Grounds: Wombo write-up
Wombo is an easy Linux box from Proving Grounds that requires exploitation of a Redis RCE vulnerability. There is no privilege escalation required as root is obtained in the foothold step. Enumeration Nmap shows 6 open ports. nmap using AutoRecon Port 6379 Nmap tells us that port 6379 is running Redis 5.0.9. A quick Google … Continue reading Proving Grounds: Wombo write-up
Proving Grounds: Slort write-up
Slort is an intermediate Windows box from Proving Grounds. Being an intermediate box it has a two step process to obtain root, but it is still relatively straightforward and a good box to practice some fundamental skills Enumeration Nmap showed 7 open ports. There are things to explore on each of the ports, but 8080 … Continue reading Proving Grounds: Slort write-up
Proving Grounds: Twiggy write-up
Twiggy was another easy box from Proving Grounds. If you've read the write-up on Bratarina then Twiggy follows a very similar methodology; by which I mean it's one step to root by executing a pre-compiled exploit on an unusual port. Enumeration As always we start with AutoRecon and check out the nmap. _quick_nmap Looks like … Continue reading Proving Grounds: Twiggy write-up
Proving Grounds: Bratarina write-up
Bratarina Bratarina from Offensive Security's Proving Grounds is a very easy box to hack as there is no privilege escalation and root access is obtained with just one command using a premade exploit. The hardest part is finding the correct exploit as there are a few rabbit holes to avoid. Enumeration The first step always … Continue reading Proving Grounds: Bratarina write-up