Editorial from HackTheBox

The journey begins on Hack The Box, navigating through Season 5 Machines. It starts by exploiting a Server-Side Request Forgery (SSRF), which exposes access credentials in an endpoint, allowing you to pwn a machine. The response endpoint leaks critical information that leads to owning a user account. Following this, a…

Admirer from HackTheBox

Admirer is an easy difficulty Linux machine that showcases a variety of security challenges. One key vulnerability is the web database interface Adminer, which is susceptible due to an underlying flaw in the MySQL protocol. This flaw can be exploited to gain access to the database, demonstrating the importance of…

TraceBack from HackTheBox

The process begins by finding a shell already present on the box and using it to get a reverse shell. Then, it pivots to another user via Lua to own user. Finally, by exploiting a cleanup script running as root, we can obtain a root shell. Nmap scan: Usually I start with…

OpenAdmin from HackTheBox

OpenAdmin is an easy difficulty Linux machine that features an outdated OpenNetAdmin CMS instance. The CMS is exploited to gain a foothold, and subsequent enumeration reveals database credentials. These credentials are reused to move laterally to a low-privileged user. This user is found to have access to a restricted…