./writeups

HackTheBox write-ups

Every box, recon to root. Real techniques, copy-paste commands, and the reasoning behind each move.

Linux

Cap

Cap is a security-dashboard web app with an IDOR that lets me download another user's packet capture. The PCAP leaks FTP/SSH crede...

diff: Easy pts: 20 rel: Jun 2021 read: 8m
#idor #pcap #wireshark #ftp
Linux

Laboratory

Laboratory starts with a GitLab instance vulnerable to an arbitrary file read chained to RCE (CVE-2020-10977). After a shell in th...

diff: Easy pts: 20 rel: Dec 2020 read: 10m
#gitlab #cve-2020-10977 #rce #sudo
Windows

Forest

Forest is a Windows DC where anonymous LDAP/RPC enumeration yields users, one with Kerberos pre-auth disabled. I AS-REP roast and...

diff: Easy pts: 20 rel: Oct 2019 read: 12m
#active-directory #as-rep-roasting #bloodhound #dcsync