In this post, I would like to share a walkthrough of the Headless Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Headless machine? For the user flag, you need to exploit a Cross-Site Scripting (XSS) vulnerability, we will capture the session cookie of the administrator user. This captured cookie will enable us to perform Remote Code Execution (RCE), allowing us to gain access to the target machine. As for the root flag, you must exploit the syscheck script by creating a malicious file, enabling it t ..read more

In this post, I would like to share a walkthrough of the Corporate Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Corporate machine? For the user flag, you need to abuse a complex XSS attack that involves two HTML injections and a dynamic JavaScript injection to bypass a content security policy and steal a cookie. Using the cookie, I will enumerate users and exploit an insecure direct object reference vulnerability to access a welcome PDF. This document reveals the default password format, which in ..read more

In this post, I would like to share a walkthrough of the Perfection Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Perfection machine? For the user flag, you need to abuse the vulnerability that identified was in the “weighted grade calculator” application on the web server. After multiple unsuccessful attempts with various payloads, a template injection vulnerability was successfully exploited using Ruby payloads. This allowed for arbitrary code execution and the reading of the /etc/passwd file. Con ..read more

In this post, I would like to share a walkthrough of the Jab Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Jab machine? For the user flag, you need to gain access to a Jabber/XMPP server and use Pidgin to enumerate over two thousand users. By performing AS-REP Roasting, I will identify three users with the “disable preauth” bit set, one of whom has a crackable password. Logging into the chat server with this user’s credentials, I will discover a private chat discussing a penetration test, which in ..read more

Case Scenario Alonzo Spotted Weird files on his computer and informed the newly assembled SOC Team. Assessing the situation it is believed a Kerberoasting attack may have occurred in the network. It is your job to confirm the findings by analyzing the provided evidence. You are provided with: 1- Security Logs from the Domain Controller 2- PowerShell-Operational Logs from the affected workstation 3- Prefetch Files from the affected workstation 1. Analyzing Domain Controller Security Logs, can you confirm the date & time when the kerberoasting activity occurred? 2. What is the Servi ..read more

In this post, I would like to share a walkthrough of the Crafty Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Crafty machine? For the user flag, you must exploit a Minecraft server, which is particularly vulnerable to the Log4Shell exploit due to its use of the Java Log4J package, I will connect using a free Minecraft command-line client. By sending a Log4Shell payload, I will gain shell access to the system. As for the root flag, you need to locate and analyze a plugin for the Minecraft server to ..read more

In this post, I would like to share some walkthroughs on the Sherlock Challenges Noted can be considered an Easy Difficulty Simon, a developer working at Forela, notified the CERT team about a note that appeared on his desktop. The note claimed that his system had been compromised and that sensitive data from Simon’s workstation had been collected. The perpetrators performed data extortion on his workstation and are now threatening to release the data on the dark web unless their demands are met. Simon’s workstation contained multiple sensitive files, including planned softwa ..read more

In this post, I would like to share a walkthrough of the Pov Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Pov machine? For the user flag, you must to exploit a file read and directory traversal vulnerability on the web page, read the ASP.NET secrets used for VIEWSTATE. Then, use ysoserial.net to craft a malicious serialized .NET payload to achieve code execution As for the root flag, you need to exploit a PowerShell credential, and then utilize SeDebugPrivilege through both Metasploit and a Power ..read more

In this post, I would like to share some walkthroughs on the Sherlock Challenges such Constellation can be considered a Medium Difficulty Case Study The SOC team has recently been alerted to the potential existence of an insider threat. The suspect employee's workstation has been secured and examined. During the memory analysis, the Senior DFIR Analyst succeeded in extracting several intriguing URLs from the memory. These are now provided to you for further analysis to uncover any evidence, such as indications of data exfiltration or contact with malicious entities. Should ..read more

In this post, I would like to share a walkthrough of the Bizness Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Bizness machine? For the user flag, you will need to exploit CVE-2023-49070, an authentication bypass vulnerability in Apache OFBiz. As for the root flag, you need to be able to analyze the source code of the application’s hashing function to understand how the password hash is generated and then reverse the process. The required hash value can be obtained using CyberChef. Information Gath ..read more