After hitting a couple of the discrete challenges recently, it was time to get back to full pwnership. This medium rated box was the dish of the day. Where would be without a quick nmap to see the attack surface. Here’s a slightly snipped version of what was returned. Being […]
Who doesn’t enjoy a little reverse engineering? This Hack the Box reversing challenge is listed as ‘Easy’, and wants us to ‘find the password’. Let’s dive in… After unzipping the contents of the challenge we have a single ELF binary called exatlon_v1. It’s one we can’t immediately disassemble either, so […]
Illumination, a 20 point Hack the Box forensics challenge, asks the question “can you find the secret token?”. The back story is that a Junior Developer has just switched to a different source control platform. Theres a ZIP file to download, as with most of these challenges, which when inflated […]
The course for joining the SAS has sessions called a “Sickener”. These are where recruits are pushed and pushed, without any end in sight. Its as much a psychological battle as it is physical. Probably more the former in all honesty. This box is quite a close equivalent for the […]
This Windows challenge by Micah was a particularly meaty box with a lot of variety and some fairly real-world applications for what you learn. Our initial nmap scan showed we were dealing with a Windows DC running IIS 10. I used ffuf to see what things we might find on […]
For the first time I went after a machine very shortly after release. The Release Area gives you the chance to have the machine all to yourself on a standard VIP plan – a good enough reason if you ask me! Standard enumeration with nmap -A -oA htb -sV -sC […]
I started this off with some very standard enumeration, getting nmap and dirbuster up and running. There was clearly something web-like and interesting running on 5000/tcp but that wasn’t accessible from an external address. Also of interest was a reference that nmap discovered to ‘staging.love.htb’. It took me longer than […]