Crocodile - Hack The Box
Crocodile is a machine from HTB's Starting Point. The machine has an FTP service and a website on Apache, where it isn't possible to connect without a password to claim the flag.
FTP Security Misconfiguration A05:2021
Sequel is a machine from HTB's Starting Point. The machine has a MySQL service, and it's possible to connect without a password to claim the flag.
mysql injection A07:2021
Appointment is a machine from HTB's Starting Point. The machine has a PHP web app, and the objective is to find a command injection vulnerability in the site to claim the flag.
php mysql injection A03:2021
Travel is an awesome box from my ATeam teammates xct and jkr. The box has a code review part where we analyze the source code of a PHP web app to find a command injection vulnerability in a curl command. We then use the Gopher protocol to perform SSRF and write a serialized PHP payload into the memcache database. For the priv esc part, we manipulate attributes of a user in an LDAP database which is used by the NSS facility to extend the Linux authentication database.
vhosts php git memcache ssrf gopher deserialization ldap viminfo nss