Editorial from HackTheBox

By Mohammad Yassine in hackthebox on

The journey begins on Hack The Box, navigating through Season 5 Machines. It starts by exploiting a Server-Side Request Forgery (SSRF), which exposes access credentials in an endpoint, allowing you to pwn a machine. The response endpoint leaks critical information that leads to owning a user account. Following this, a…

Blurry from HackTheBox

By Mohammad Yassine in hackthebox on

This box was very interesting, starting with exploiting a vulnerability in the ClearML open-source platform, which is used to automate the development of machine learning solutions, to get a shell as a user. By exploiting CVE-2024-24590, we were able to gain initial access. The process involved creating and uploading a…

BoardLight from HackTheBox

By Mohammad Yassine in hackthebox on

This box involves exploiting Dolibarr 17.0.0 for remote code execution (RCE) as an authenticated user, gaining access as the www-data user. By understanding the exploit and examining the configuration files, credentials can be found to escalate privileges to user. Additionally, the system is vulnerable to CVE-2022-37706, which allows…

One click root | Runner from HackTheBox

By Mohammad Yassine in hackthebox on

The journey begins by using a custom word list to find a subdomain running TeamCity 2023.05.03, which is vulnerable to CVE-2023-42793. This vulnerability allows the creation of a privileged user without authentication. Next, a backup containing a private key is found, providing the first SSH access as a…

MonitorsTwo from HackTheBox

By Mohammad Yassine in hackthebox on

Box overview MonitorsTwo is an easy box created by kavigihan combining the exploitation of Cacti (CVE-2022-46169) as entry point then privilege escalation by exploiting the CVE-2021-41091. Initial foothold Add the IP to the hosts file Firstly, I will update the hosts file entry with the box hostname and its IP.…