Open in app

Sign In

Write

Sign In

ARZ101
ARZ101

373 Followers

Home

About

Jan 28

HackTheBox — Ambassador

Ambassador from hackthebox was medium rated machine which involved exploiting Local File Inclusion in Grafana through which we can view the sqlite database for grafana which will have the base64 encoded password for developer user through which we can login, from /opt directory we can find Consul API token through…

Ctf

6 min read

HackTheBox — Ambassador
HackTheBox — Ambassador
Ctf

6 min read


Jan 21

HackTheBox — Updown

Updown, a medium rated linux machine involved fuzzing for subdomain leading to a dev domain which was accessible through a special header found from .git directory, the site had a file upload for the purpose of check the reachability of the sites in that file which lead to remote code…

Ctf

6 min read

HackTheBox — Updown
HackTheBox — Updown
Ctf

6 min read


Jan 13

HackTheBox — Shoppy

Shoppy an easy rated linux machine involved bypassing authentication through NoSQLi, further getting the credentials through that again which was used on mattermost subdomain found from fuzzing, from there finding jaeger’s credentials and logging in through ssh, with sudo privileges this user can run the password-manager binary as deploy which…

Ctf

5 min read

HackTheBox — Shoppy
HackTheBox — Shoppy
Ctf

5 min read


Jan 7

HackTheBox — Health

Health was medium rated linux machine that involved performing Server Side Request Forgery (SSRF) on webhook which the site was using, it had input sanitization through which SSRF couldn’t be performed normally, by using the monitored url field to host a php file to redirect to port 3000 on the…

Ctf

7 min read

HackTheBox — Health
HackTheBox — Health
Ctf

7 min read


Dec 17, 2022

HackTheBox — Support

Support form HackTheBox was an easy rated AD machine which involved enumerating SMB share to find a custom exe which was authenticating to LDAP, on either reversing or analyzing the traffic from the exe we can find the password for ldap user, having access to ldap service we can find…

Ctf

7 min read

HackTheBox — Support
HackTheBox — Support
Ctf

7 min read


Dec 10, 2022

HackTheBox — Outdated

Outdated was a medium rated windows machine which involved enumerating smb shares, from there getting a list of cve’s and an email, using follina by sending an email on smtp, getting a shell on a container as btables, by running sharphound to enumerate the domain, btables can add shadow credentials…

Ctf

9 min read

HackTheBox — Outdated
HackTheBox — Outdated
Ctf

9 min read


Dec 3, 2022

HackTheBox — Carpediem

Carpediem, a hard linux machine that involved registering for account and escalating to admin user by changing the login_type value, on registering a file can be uploaded which doesn’t allow php extensions which can be bypassed with ex iftool by adding a php code in the comment giving us www-data…

Hackthebox

11 min read

HackTheBox — Carpediem
HackTheBox — Carpediem
Hackthebox

11 min read


Nov 26, 2022

HackTheBox — RedPanda

Red panda, an easy rated linux machine, involved a spring boot application vulnerable Server Side Template Injection (SSTI) which was blocking few characters to not allow remote code execution, using any encoder for generating payload for java runtime exec, we get the shell as woodenk user, running pspy a jar…

Hackthebox

7 min read

HackTheBox — RedPanda
HackTheBox — RedPanda
Hackthebox

7 min read


Nov 19, 2022

HackTheBox — Hathor

Hathor was an insane windows machine that involved logging to mojopotral using default admin creds, uploading aspx web shell, enumerating the system to get BeatriceMill credentials, being a web service user we can perform IIS Impersonatation to get a reverse shell as BeatriceMill, on further enumeration, 7zip is being executed…

Windows

15 min read

HackTheBox — Hathor
HackTheBox — Hathor
Windows

15 min read


Nov 12, 2022

HackTheBox — Shared

Shared was medium rated linux machine which involved exploiting data in the cookie which was being fetched from database in json format vulnerable to sqli, enumerating the database we’ll find the credentials for james_mason , running pspy we’ll see that ipython which has is being ran in a directory where…

Ctf

9 min read

HackTheBox — Shared
HackTheBox — Shared
Ctf

9 min read

ARZ101

ARZ101

373 Followers

Smol Pentester | CTF Player | UwU

Following
  • Laraib Khan

    Laraib Khan

  • Kavishka Gihan

    Kavishka Gihan

  • Max Rand

    Max Rand

  • xnomas

    xnomas

  • Ahmed ElTijani

    Ahmed ElTijani

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech