Posts

In today’s write-up we’re looking at “Networked”, another Hack the Box machine rated as easy. We’ll start by finding relevant files via a directory brute-forcer, go on to read some PHP code and then exploiting a file upload feature. Command injection through a file name gives us a proper user shell, and in a second step, through network-scripts, a root shell. Enjoy! Recon We start with an nmap scan, just like in the last write-up, and see just two ports open: ...

A while back I signed up for hackthebox.eu, but then somehow left the account sitting idle for quite some time as I was busy with work and doing my eCPPT. Having finished the PTP course and some free time available, I started to do some of the active machines and yesterday – after getting VIP access – also some of the “retired” boxes. As posting write-ups for retired machines is “fair game”, I thought I’d start a blog series of walk-throughs. ...

If you want to debug/inspect/analyze SSL/TLS traffic made by curl, you can easily do so by setting the environment variable SSLKEYLOGFILE to a file path of your choice (for storing the secrets), and then point Wireshark to use this file. Let’s see how: In Wireshark, go to Edit -> Preferences -> Protocols -> SSL -> (Pre)-Master-Secret log filename, and set the path: Then start the Wireshark capture. In your shell, you can now set the environment variable and make a request: ...

I recently bought an Intel NUC8i7HVK to work as an ESXi host. In this post I walk you through the process of installation and initial setup. Hardware The NUC8i7HVK is the top-of-the-line model of the NUC kits and comes with an i7-8809G processor. It ships with neither memory nor storage, so picked up the following additional components: 2 x Samsung 32 GB DDR4-2666, SO-DIMM (M471A4G43MB1-CTD) 1 x Intel SSD 660p Series 1.0 TB, M.2 80 mm (SSDPEKNW010T8x 1) 1 x SanDisk Ultra Fit 16 GB (SDCZ430-016G-G46) An interesting fact to note: in the official specs, Intel mentions 32 GB as the maximum memory size. However, with 32 GB sticks now readily available and 64 GB being listed as the maximum memory size for the i7-8809G, I gave it a shot and installed 2 x 32 GB of RAM. It worked without issues. ...

TL;DR: Pivot by setting up a portproxy between your machine and a machine in another network using netsh interface portproxy add v4tov4 listenport=<port in> connectport=<port out> connectaddress=<destination>. Let’s say machine A has access to a Windows machine, B, which has an additional interface configured to reach machines in another (internal) network, including machine C. As our machine A cannot directly talk to machine C and vice versa, what can we do to pick up files hosted on our machine A from machine C, or do further reconnaissance of C from A? ...