HackTheBox

Difficulty: Medium Operating System: Linux Executive Summary Gavel is a Linux machine that combines source code disclosure, application security flaws, and custom software analysis to achieve full system compromise. The attack begins with an exposed Git repository, leading to source code disclosure and identification of a PDO placeholder confusion vulnerability. After obtaining administrative access to the web application, arbitrary PHP code execution is achieved through insecure runtime rule evaluation. Finally, a custom root-owned service is reversed and abused to gain root privileges. ...

Difficulty: Medium Operating System: Linux Executive Summary VariaType is a Linux machine that rewards methodology over brute force. The attack chain combines virtual host discovery, source code analysis, vulnerability research, and multiple privilege escalation techniques to achieve full system compromise. Rather than focusing on a list of commands, this writeup explains the reasoning process behind each step and how each discovery leads naturally to the next stage of the attack. ...

Difficoltà: Medium OS: Linux (Debian 12) IP: 10.129.5.191 Categorie: CVE, Deserialization, Python Injection, Privilege Escalation Indice Panoramica Ricognizione Foothold — CVE-2023-43208 (Mirth Connect RCE) Lateral Movement — Crack hash PBKDF2 e accesso SSH come sedric Privilege Escalation — Python F-String Injection su notif.py Lezioni Apprese Panoramica La macchina Interpreter simula un ambiente ospedaliero reale che utilizza Mirth Connect, un middleware per l’integrazione di dati sanitari (standard HL7). La catena di attacco si compone di tre fasi principali: ...

Difficulty: Medium Operating System: Windows Executive Summary Eighteen is a Windows Active Directory machine that combines database misconfigurations, password reuse, and modern Active Directory abuse techniques to achieve full domain compromise. The attack begins with access to a Microsoft SQL Server instance, progresses through credential recovery and password reuse, and ultimately leverages the BadSuccessor technique to abuse delegated Managed Service Accounts (dMSA), resulting in Domain Administrator privileges. Attack Path MSSQL Access (kevin) → Login Impersonation (appdev) → Financial Planner Database → PBKDF2 Credential Recovery → Password Reuse → WinRM Access (adam.scott) → BadSuccessor (dMSA Abuse) → Kerberos Impersonation → DCSync → Domain Administrator Reconnaissance Service Enumeration Initial enumeration revealed a limited attack surface: ...