Category: HTB Season 10

  • facts.htb HackTheBox machine - CMS exploit to root via facter RCE

    Facts HTB Writeup

    Command: nmap -Pn -sS -A 10.129.88.88
    Command: echo 10.129.88.88 facts.htb >> /etc/hosts
    Command: ffuf -u http://facts.htb/FUZZ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -k -fc…

  • Devarea pwned

    DevArea HTB Writeup

    Introduction: DevArea presents a realistic development environment with multiple privesc vectors exploiting misconfigured services and world-writable system binaries. From anonymous FTP to Apache CXF XXE and Hoverfly middleware injection, this box tests reconnaissance, service…

  • Kobold HTB Writeup

    Introduction: Kobold is an Easy-rated Linux machine from HackTheBox Season 10 that showcases a realistic privilege escalation vector through Docker group misconfiguration and PAM session…


  • VariaType HTB writeup

    Command: nmap -sV -Pn IP
    Command: echo " IP variatype.htb" >> /etc/hosts
    Command: ffuf -u http://variatype.htb/ -H "Host: FUZZ.variatype.htb" -w…


  • Interpreter HTB Writeup

    Introduction: The Interpreter box is designed to test a mix of web exploitation, cryptography awareness, Python code analysis, and privilege…


  • Pterodactyl HTB Writeup

    Command: nmap -A -Pn -sC 10.10.X.X -o nmapresult
    Command: echo '10.10.10.10 Pterodactyl.htb play.Pterodactyl.htb nothing special, started doing ffuf, below is…