HackTheBox – Devel Writeup Today we are gonna solve the Devel machine from hackthebox. Devel is a windows machine released on 15 March 2017. There is ftp anonymous login enabled on the machine so we upload our payload and get a shell on the system. The privilege escalation is done by the infamous exploit KiTrap0D. […]

TryHackMe – Ice Writeup Ice is a beginner level windows machine on tryhackme. The machine runs an Icecast Media Server on one of the ports. We exploit this service to gain a remote shell on the machine. The privilege escalation is done with bypassuas_eventvwr exploit and by exploiting the SeTakeOwnershipPrivilege to gain system on the […]

HackTheBox – Irked Writeup Irked is a beginner level ctf based machine released on 17 November 2018. The machine has an UnrealIRCD server running which is vulnerable to backdoor command execution and we then hijack an SUID binary to gain root access on the machine. This machine also gives a little introduction on steganography. The […]

HackTheBox – Jerry Writeup Today we are gonna solve Jerry from hackthebox.eu. It is a beginner level windows machine released on 30 July 2018 Connecting to HTB Vpn: First, we have to connect to hackthebox vpn to get access to the machine. The vpn file can be downloaded from the access page of hackthebox. We […]

HackTheBox – Lame Writeup Today we are gonna solve the Lame machine from hackthebox. Lame is a Linux machine released on 14 March 2017. In the difficulty level, it is rated as an easy machine. We exploit a vulnerability in the smb port to gain direct root access. Let’s get started. Connecting to HTB Vpn: […]

HackTheBox – Legacy Writeup Today we are gonna solve Legacy from hackthebox.eu. Legacy is an easy windows machine residing at the ip address 10.10.10.4 released on 15 July 2017. We use the exploit MS08-067 to attack this machine and gain system access. This machine is also vulnerable to MS17-010 Eternal Blue exploit. Connecting to HTB […]

HackTheBox – Sense Writeup Sense is a beginner level FreeBSD machine released on 21 October 2017. The machine resides at 10.10.10.60. It has a webserver running pfsense firewall which has a remote code execution vulnerability. This vulnerability gives us direct root access into the machine. Connecting to HTB Vpn: 1] First download the vpn file […]

TryHackMe Tomghost-Writeup Tomghost is a beginner level machine from tryhackme. The machine is focused on teaching about the famous Apache Jserv exploit Ghostcat. We use Ghostcat LFI exploit to gather ssh credentials and gain access to the machine. The machines also has some pgp encryption files for us to crack and the final root access […]

TryHackMe Simple CTF-Writeup Simple CTF is a beginner level machine on TryHackMe. The machine has a webserver, a FTP server and a ssh service running. The webserver has an installation of CMS Made Simple 2.2.8 which is vulnerable to SQLi . This SQLi is used to gain credentials of the ssh user and the sudo privileges […]

TryHackMe Sudo Buffer Overflow-Writeup Sudo Buffer Overflow is a beginner level Linux machine on TryHackMe. The machine teaches us about vulnerabilities in sudo command. The machine is running sudo < 1.8.26 which is vulnerable to Buffer Overflow exploit if password feedback is turned on. In this machine, the password feedback is turned on so we […]