0xczar – Medium

Jan 15, 2021

Admirer — Write-up — HackTheBox

Admirer Box is a retired Easy-rated Linux Machine, who deals with exploiting a web database interface, which in fact doesn’t require any creds. For the PrivEsc we used the fact that a non-privilege user can change the path of PYTHONPATH in order to allow us to hijack Python Library. Recon nmap…

8 min read

8 min read

Dec 9, 2020

October — Write-up — HackTheBox

Box Creator:ch4p October Box is a retired Medium-rated Linux Machine, who deals with Octobers CMS, Buffer Overflow and ASLR Brute Forcing. OK so first things first, let’s start our Reconnaissance. Reconnaissance echo '10.10.10.16 october.htb' >> /etc/hosts export IP=october.htb nmap -vv -sV -sT -p- -O -A -oN nmap_scan.txt $IP PORT…

7 min read

7 min read

Nov 28, 2020

Shocker Write-up — HackTheBox

This is the first HTB Write-up on the road to OSCP. Box creator: mrb3n. Shocker Box is a retired Easy-rated Linux Machine, who deals with Apache mod_cgi — ‘Shell-shock’ Remote Command Injection Exploit, which can be done using msf or the python script here https://www.exploit-db.com/exploits/34900. Initial Enumeration: echo ‘10.10.10.57 shocker.htb’ >> /etc/hosts export…

4 min read

4 min read