In this post, I would like to share a walkthrough of the Surveillance Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Surveillance machine? For the user flag, you must encompass vulnerabilities characterized by detailed descriptions but lacking public proofs of concept (POCs) at the time of inception, presenting an intriguing puzzle. It commences with a Craft CMS instance. I plan to leverage an arbitrary object injection vulnerability to achieve remote code execution (RCE) and establish a shell. Addi ..read more

In this post, I would like to share some walkthroughs on the Sherlock Challenges such as Litter which can be considered an Easy Difficulty Case Study for Litter Challenge Khalid has just logged onto a host that he and his team use as a testing host for many different purposes. It’s off their corporate network but has access to lots of resources on the network. The host is used as a dumping ground for a lot of people at the company, but it’s very useful, so no one has raised any issues. Little does Khalid know; the machine has been compromised and company information that ..read more

In this post, I would like to share some walkthroughs on the Sherlock Challenges such as Einladen which can be considered a Medium Difficulty Case Study on Einladen Challenge In this challenge, Our staff recently received an invite to the German embassy to bid farewell to the German ambassador. We believe this invite was a phishing email due to alerts that were fired on our organisation’s SIEM tooling following the receipt of such mail. We have provided a wide variety of artefacts inclusive of numerous binaries, a network capture, DLLs from the host system and also a .hta ..read more

In this post, I would like to share a walkthrough of the Codify Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Codify machine? For the user flag, you will need to escape and run a command on the host system, using that to get a reverse shell. Then I’ll find a hash in an SQLite database and crack it to get the next user. As for the root flag, you need a script tasked with database backup management that will be targeted for exploitation. I’ll demonstrate two methods to exploit this script by manipula ..read more

In this post, I would like to share a walkthrough of the Rebound Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Rebound machine? For the user flag, you will need to Infiltrate an Active Directory environment ripe with vulnerabilities. Commencing with a RID-cycle attack to compile a user inventory, followed by a fusion of AS-REP-Roasting and Kerberoasting to obtain a hash vulnerable to cracking for a service account. This compromised password is also utilized by a domain user, enabling identificatio ..read more

In this post, I would like to share some walkthroughs on the Sherlock Challenges such as Nubilum-1 which can be considered a Medium Difficulty which can be found here Introduction to Nubilum-1 Challenge In this challenge, the cloud administration team is alerted to potential malicious activity occurring within their Amazon EC2 instances. Unrecognised deployments were discovered by the system administrator, posing a serious threat to the company’s reputation. The lack of preemptive security measures exacerbates the situation, including the unrestricted global access to ..read more

In this post, I would like to share a walkthrough of the Analytics Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Analytics machine? For the user flag, you will need to use the pre-authentication Remote Code Execution (RCE) exploit employed to leak a setup token, enabling the initiation of server setup. This involves injecting code into the configuration to achieve code execution. Within the Metabase container, credentials stored in environment variables are discovered and leveraged to gain access to ..read more

In this post, I would like to share some walkthroughs on the Sherlock Challenges such as Procnet which can be considered a Hard Difficulty which can be found here Introduction of Procnet Challenge In this challenge, With the rising utilization of open-source C2 frameworks by threat actors, our red team has simulated the functionalities of one such widely employed framework. The objective of this exercise is to aid blue teams in strengthening their defences against these specific threats. We have been provided with PCAP files and APIs collected during the event, which will serve ..read more

In this post, I would like to share a walkthrough of the Manager Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Manager machine? For the user flag, you will need to initiate a rigorous investigative cycle, employing a RID (Relative Identifier) methodology. Subsequently, a meticulously orchestrated password spray attack ensues, utilizing each user’s username as a potential password. Upon successful penetration of the operator account, access to the MSSQL database instance is achieved, facilitating the ..read more

In this post, I would like to share a walkthrough of the Appsanity Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Appsanity machine? For the user flag, you will need to create an account and exploit a concealed input vulnerability to gain elevated privileges, assuming the role of a doctor. Subsequently, I will leverage the obtained cookie on another platform to gain access, where I discover a server-side request forgery (SSRF) vulnerability and an opportunity to upload PDF files. By circumventing a filt ..read more