I have exactly one write-up for this CTF. The challenge chosen was a Fullpwn, specifically a machine called Volnaya. An enumeration of the machine with nmap reveals port 22 offering SSH services, and port 80 with an nginx web service. A peek at the web site showed nothing of any […]
This challenge from the competition was a “fullpwn“, which essentially meant it was a traditional Hack The Box challenge which required you to get both the user and root flags. This one was graded as “very easy” and for once I’d agree with that. The box was running a web […]
This challenge from the CTF was hosted in a Docker container which was running an http server. Browsing to the site revealed a webpage, but no links on the page went anywhere. This sounds like a job for gobuster: The ‘dashboard’ endpoint was interesting, but needed authentication, so I took […]
OpenSource is an ‘easy’ recent box that I started just as it was coming to the end of its time in the Release Arena. It took me a while longer than I would have liked. So long in fact, it had dropped into the regular area with a different IP […]
This weeks exciting episode of Hack The Box was breaking into RouterSpace, a very easy box that took longer than it should. I ended up with a pair of speed bumps. One was because I couldn’t get an Android emulator running on my usual Kali box in the way I […]
Around a decade or so ago Chris Tarrant used to be the host of a show called Who Wants To Be a Millionaire? shown on ITV in the UK. This show has become a franchise sold worldwide, so wherever you are reading this, you’ve probably seen an incarnation on your […]
It’s been a few months since we popped a shell on Hack The Box. I didn’t fancy a migraine today though, so it’s just an easy box we’re going after. Starting with some basic enumeration, I ran nmap which never seemed to complete for some reason. I wasn’t really waiting […]
After a little bit of a holiday, I needed to get myself sharpened up again and so this ‘easy’ box was chosen for pwnage. One of my colleagues joined me for the first part of this exercise and we had a look at the foothold together. Sorry to disappoint, but […]
It was time for a forensics challenge today. The description suggested to me we’d be digging out the floppy disc for Volatility, a great tool for digging information out of memory dumps: Suspicious traffic was detected from a recruiter’s virtual PC. A memory dump of the offending VM was captured […]
Forge is a medium rated box released within the last couple of weeks on the HTB platform. It’s also the target for today! We start off with an nmap to reveal the attack surface. We can see that ftp is present but not available to us and, other than OpenSSH, […]