HackTheBox

Hack The Box - Reel

Ghostbyt3 HackTheBox 11 min read
Really a good AD box, We need to do Phishing attack to get the initial shell and 1st user has WriteOwner Permission over another user. And 2nd User has some WriteDacl permission over a Group which has …
Read more…

Hack The Box - Magic

Ghostbyt3 HackTheBox 3 min read
Initial is by doing a SQLI to bypass login. And File Upload Vulnerability, from there we can get a shell and find user creds in SQL database. And root is by path hijack attack.
Read more…

Hack The Box - Traceback

Ghostbyt3 HackTheBox 4 min read
Traceback is really a good beginner friendly box, getting initial is to look for an existing webshell on the box. There is some sudo stuffs to get user shell and Privesc is by finding a script thats …
Read more…

Hack The Box - Sizzle

Ghostbyt3 HackTheBox 13 min read
This box is really fun and some Active Directory stuffs which is really good. Getting User is doing SCF attack and create certificate for the user and to get 2nd user we need to do Kerberoast and the …
Read more…

Hack The Box - Oouch

Ghostbyt3 HackTheBox 19 min read
This box includes tons of enumeration and Initial is by exploiting OAuth by authoring the administrator and create our own application and get admin session ID and grab ssh key of the user. And then …
Read more…