This was a pretty cool box which included finding an endpoint from a APK file and then exploiting a node application to get command execution. For the root part, we have to exploit the sudoedit vulnerability which was a pretty hot topic these days. User namp reveals two 2 open ports. …

This was a box that I learned the importance of enumeration. Really loved the realism of the box and the exploitation chain. User As usual, starting with nmap gave me 3 open ports. nmap -sV -sC 10.10.11.143 PORT STATE SERVICE REASON VERSION 22/tcp open…

Foothold I found 2 ports from my nmap. nmap -p- -v 10.10.11.140 PORT STATE SERVICE REASON VERSION 22/tcp open tcpwrapped syn-ack |_ssh-hostkey: ERROR: Script execution failed (use -d to debug) 80/tcp open tcpwrapped syn-ack |_http-title: Did not follow redirect to http://artcorp.htb | http-methods: |_ Supported Methods: GET HEAD POST |_http-server-header: Apache …

Timing was a cool box which I learned the importance of enumeration. The foothold part was a little bit frustrating to do but as a whole I loved the box. Kudos to @irogir Foothold Actually there were 2 methods to get the foothold, and the method I used was not the…

This was a box that was a perfect fit for a medium. Every step wasn’t too hard or easy. Every step had a little bit of thinking to do. I really liked this box for sure. Foothold My nmap found 2 ports. nmap -p- -sC -sV -A — min-rate=400 — min-parallelism=512…

This was a box that I didn’t like that much. It felt a little too CTF’ish to me. Despite that, I learned some cool things. User Nmap revealed 3 ports. nmap -p- -sC -sV -A --min-rate=400 --min-parallelism=512 -vv backdoor.htb PORT STATE SERVICE REASON VERSION 22/tcp…

This was a cool box that I enjoyed playing. Learned some new things as well. I liked this box very much because every step of this box felt new. Thanks to knightmare & mrb3n. Foothold/User My initial nmap scan revealed only one port. nmap -p- -sC -sV --min-rate=400 --min-parallelism=512 -vv shibboleth.htb …

This was far most on of the coolest easy boxes I encountered in Hackthebox. This had a really nice and unique attack path which I loved. User Just like always, I started with nmap. PORT STATE SERVICE REASON VERSION 22/tcp open ssh…

Apache APISIX is a dynamic, real-time, high-performance API gateway. It provides traffic management features such as load balancing, dynamic upstream, authentication, canary release etc. On June 16, 2021, Apache officially released a Remote Code Execution vulnerability in Apache APISIX version prior to 2.12.1 . An attacker can abuse the batch-requests…