Open in app

Sign In

Write

Sign In

ARZ101
ARZ101

399 Followers

Home

About

Feb 11

HackTheBox — Photobomb

Photobomb from HackTheBox was an easy machine that involved finding credentials from a javascript file, giving access to a page which generates an image file, the POST parameter responsible for file extension was vulnerable to blind command injection, giving a shell as wizard user, escalation to root was straight forward…

Ctf

5 min read

HackTheBox — Photobomb
HackTheBox — Photobomb
Ctf

5 min read


Jan 28

HackTheBox — Ambassador

Ambassador from hackthebox was medium rated machine which involved exploiting Local File Inclusion in Grafana through which we can view the sqlite database for grafana which will have the base64 encoded password for developer user through which we can login, from /opt directory we can find Consul API token through…

Ctf

6 min read

HackTheBox — Ambassador
HackTheBox — Ambassador
Ctf

6 min read


Jan 21

HackTheBox — Updown

Updown, a medium rated linux machine involved fuzzing for subdomain leading to a dev domain which was accessible through a special header found from .git directory, the site had a file upload for the purpose of check the reachability of the sites in that file which lead to remote code…

Ctf

6 min read

HackTheBox — Updown
HackTheBox — Updown
Ctf

6 min read


Jan 13

HackTheBox — Shoppy

Shoppy an easy rated linux machine involved bypassing authentication through NoSQLi, further getting the credentials through that again which was used on mattermost subdomain found from fuzzing, from there finding jaeger’s credentials and logging in through ssh, with sudo privileges this user can run the password-manager binary as deploy which…

Ctf

5 min read

HackTheBox — Shoppy
HackTheBox — Shoppy
Ctf

5 min read


Jan 7

HackTheBox — Health

Health was medium rated linux machine that involved performing Server Side Request Forgery (SSRF) on webhook which the site was using, it had input sanitization through which SSRF couldn’t be performed normally, by using the monitored url field to host a php file to redirect to port 3000 on the…

Ctf

7 min read

HackTheBox — Health
HackTheBox — Health
Ctf

7 min read


Dec 17, 2022

HackTheBox — Support

Support form HackTheBox was an easy rated AD machine which involved enumerating SMB share to find a custom exe which was authenticating to LDAP, on either reversing or analyzing the traffic from the exe we can find the password for ldap user, having access to ldap service we can find…

Ctf

7 min read

HackTheBox — Support
HackTheBox — Support
Ctf

7 min read


Dec 10, 2022

HackTheBox — Outdated

Outdated was a medium rated windows machine which involved enumerating smb shares, from there getting a list of cve’s and an email, using follina by sending an email on smtp, getting a shell on a container as btables, by running sharphound to enumerate the domain, btables can add shadow credentials…

Ctf

9 min read

HackTheBox — Outdated
HackTheBox — Outdated
Ctf

9 min read


Dec 3, 2022

HackTheBox — Carpediem

Carpediem, a hard linux machine that involved registering for account and escalating to admin user by changing the login_type value, on registering a file can be uploaded which doesn’t allow php extensions which can be bypassed with ex iftool by adding a php code in the comment giving us www-data…

Hackthebox

11 min read

HackTheBox — Carpediem
HackTheBox — Carpediem
Hackthebox

11 min read


Nov 26, 2022

HackTheBox — RedPanda

Red panda, an easy rated linux machine, involved a spring boot application vulnerable Server Side Template Injection (SSTI) which was blocking few characters to not allow remote code execution, using any encoder for generating payload for java runtime exec, we get the shell as woodenk user, running pspy a jar…

Hackthebox

7 min read

HackTheBox — RedPanda
HackTheBox — RedPanda
Hackthebox

7 min read


Nov 19, 2022

HackTheBox — Hathor

Hathor was an insane windows machine that involved logging to mojopotral using default admin creds, uploading aspx web shell, enumerating the system to get BeatriceMill credentials, being a web service user we can perform IIS Impersonatation to get a reverse shell as BeatriceMill, on further enumeration, 7zip is being executed…

Windows

15 min read

HackTheBox — Hathor
HackTheBox — Hathor
Windows

15 min read

ARZ101

ARZ101

399 Followers

Smol Pentester | CTF Player | UwU

Following
  • HotPlugin

    HotPlugin

  • xnomas

    xnomas

  • Sanaullah Aman Korai

    Sanaullah Aman Korai

  • Nairuz Abulhul

    Nairuz Abulhul

  • Ahmed ElTijani

    Ahmed ElTijani

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech