<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
  <channel>
    <title>Linux Machines on 0xMesbaha</title>
    <link>https://hussienmisbah.github.io/categories/linux-machines/</link>
    <description>Recent content in Linux Machines on 0xMesbaha</description>
    <generator>Hugo</generator>
    <language>en</language>
    <lastBuildDate>Sat, 08 Oct 2022 00:45:19 +0200</lastBuildDate>
    <atom:link href="https://hussienmisbah.github.io/categories/linux-machines/index.xml" rel="self" type="application/rss+xml" />
    <item>
      <title>Open Source HackTheBox Writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-10-08-open-source/</link>
      <pubDate>Sat, 08 Oct 2022 00:45:19 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-10-08-open-source/</guid>
      <description>&lt;p&gt;In this box we face interesting topics such as Docker, git hooks and other things. First we get access to a Docker container on the machine by overwriting the application code with a reverse shell. Then we set up port forwarding to scan the original host, which has a service running that we can see from the container. From this service we can get access to the actual machine, and from there we can get root access using git hooks, because root seems to have a cron job running git.&lt;/p&gt;</description>
    </item>
    <item>
      <title>napping 1.0.1 vulnhub writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-06-27-napping/</link>
      <pubDate>Mon, 27 Jun 2022 00:45:19 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-06-27-napping/</guid>
      <description>&lt;p&gt;In this VulnHub box we face a relatively interesting vulnerability, tab-nabbing, which helps us phish the admin for his credentials, which we can use to SSH into the box. From there we can get a reverse shell as the adrian user, as he is running a cron job which is a Python script that we can write to because we are in the administrators group. For the root part we have sudo privilege on the vim editor.&lt;/p&gt;&#xA;&lt;p&gt;You can download the machine from &lt;a href=&#34;https://www.vulnhub.com/entry/napping-101,752/&#34; target=&#34;_blank&#34; rel=&#34;noopener noreffer &#34;&gt;here&lt;/a&gt;. We have the description:&lt;/p&gt;&#xA;&lt;p&gt;&lt;em&gt;Even Admins can fall asleep on the job&lt;/em&gt;&lt;/p&gt;&#xA;&lt;p&gt;It indicates that some admin will make a mistake or something, but let&amp;rsquo;s jump in and see for ourselves.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Pandora Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-05-21-pandora/</link>
      <pubDate>Sat, 21 May 2022 00:51:12 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-05-21-pandora/</guid>
      <description>&lt;p&gt;In this box we enumerate the SNMP port, which shows user daniel with his password as a string in the output. We log in as him over SSH and see there is another user, matt, who has the user.txt. After some enumeration we see Pandora FMS running internally as user matt; we port forward to exploit the vulnerable service, then abuse a path poisoning in a custom binary for root access.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Unicode Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-05-07-unicode/</link>
      <pubDate>Sat, 07 May 2022 12:49:13 +1000</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-05-07-unicode/</guid>
      <description>&lt;p&gt;In this medium box we play with JWT tokens, specifically the jku claim misuse, which lets us log in as the admin account; then we use Unicode encoding to read files on the system. Eventually we find a password for a user and log in over SSH. For the root part we abuse the sudo privilege on a binary which can read files on the system.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Backdoor Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-01-21-backdoor/</link>
      <pubDate>Sat, 23 Apr 2022 00:51:12 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-01-21-backdoor/</guid>
      <description>&lt;p&gt;In this easy Linux box we face a WordPress plugin vulnerable to directory traversal, letting us read some files on the system. Brute forcing /proc/[pid], we find a vulnerable gdb server running; exploiting it gives us a low-privilege shell, then we abuse the screen binary to get root access.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Shibboleth Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-04-01-shibboleth/</link>
      <pubDate>Fri, 01 Apr 2022 00:49:18 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-04-01-shibboleth/</guid>
      <description>&lt;p&gt;In this box we enumerate a UDP port and dump the administrator hash, then crack it. Using these credentials we log in to the Zabbix web interface, and using my exploit for this version of Zabbix we get a low-privilege shell. Reusing the same password gives us access to a user. For the root part we exploit a vulnerable MariaDB version.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Secret Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-03-26-secret/</link>
      <pubDate>Sat, 26 Mar 2022 00:45:19 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-03-26-secret/</guid>
      <description>&lt;p&gt;In this box we follow the documentation instructions to create a new user, then face a sensitive data exposure that lets us see a delete commit; this helps us change our token to the admin token and log in as admin. Reading the source code we find a command injection, so we get a reverse shell as a user. For the root part there is a SUID binary that can read any file on the system and count it, and in the source code it has &lt;code&gt;PR_SET_DUMPABLE&lt;/code&gt;, so we can dump it if it receives a signal while running. We send a segmentation fault signal and dump the process, then by running strings on the dump we can read the root SSH private key and log in as root.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Devzat Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-03-11-devzat/</link>
      <pubDate>Fri, 11 Mar 2022 00:45:12 +0900</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-03-11-devzat/</guid>
      <description>&lt;p&gt;In this Hackthebox machine we get user access through a command injection in a vhost, then set up port forwarding to find a service that gives us the password for another user who has access to some backups. In these backups we find the source code for a bot. The bot has 2 versions; one of them is running locally and has a command &amp;ldquo;file&amp;rdquo; which allows us to read any file on the system. We set up port forwarding one more time to read the root private key and log in as root.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Bolt Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-02-18-bolt/</link>
      <pubDate>Fri, 18 Feb 2022 00:45:12 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-02-18-bolt/</guid>
      <description>&lt;p&gt;In this Hackthebox machine we analyze Docker image files and find some juicy stuff that helps us log in to a vhost &amp;ldquo;demo&amp;rdquo;, which has some functions that aren&amp;rsquo;t in the main web application. From there we exploit SSTI and gain a low-privilege shell as www-data. During box enumeration we find some passwords on the system which give us user access. After that we connect to a MySQL database and find a PGP-encrypted message; somehow we gain the user&amp;rsquo;s private GPG key to decrypt the message, which contains the root password.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Horizontall Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-02-04-horizontall/</link>
      <pubDate>Fri, 04 Feb 2022 00:45:09 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-02-04-horizontall/</guid>
      <description>&lt;p&gt;We got low-privilege access due to a vulnerable version of Strapi CMS, then got root access because of a vulnerable version of Laravel. The main techniques used are vhost enumeration and port forwarding without SSH.&lt;/p&gt;</description>
    </item>
    <item>
      <title>Forge Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-01-27-forge/</link>
      <pubDate>Thu, 27 Jan 2022 00:45:09 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-01-27-forge/</guid>
      <description>&lt;p&gt;Detailed writeup for the retired machine Forge from Hackthebox&lt;/p&gt;</description>
    </item>
    <item>
      <title>Previse Hackthebox writeup</title>
      <link>https://hussienmisbah.github.io/posts/linux-machines/2022-01-27-previse/</link>
      <pubDate>Thu, 27 Jan 2022 00:45:08 +0200</pubDate>
      <guid>https://hussienmisbah.github.io/posts/linux-machines/2022-01-27-previse/</guid>
      <description>&lt;p&gt;In this writeup you will find a walkthrough of the retired machine Previse from Hackthebox&lt;/p&gt;</description>
    </item>
  </channel>
</rss>
