Hack The Box: Shoppy

Description: Shoppy is an easy Hack The Box machine that features: web application authentication bypass using a NoSQL injection; user enumeration using a NoSQL injection to obtain a user's hashed password; service enumeration to find a Mattermost instance with credentials to log in to the machine; user pivoting by reverse engineering a password manager application; privilege escalation by creating a Docker container with root permissions to create malicious binaries. Footprinting: First, we use the ping command to check whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.180. ...

January 14, 2023 · 8 min

Hack The Box: Health

Description: Health is a medium Hack The Box machine that features: a web application with a Server Side Request Forgery vulnerability, using a proxy server and redirects; access to a Gogs Git service vulnerable to SQL Injection; deployment of a local Gogs server to find the SQL Injection payload for retrieving user data; password hash recognition and recovery; privilege escalation by abusing the Cron functionality of the web application, executed by the root user. Footprinting: First, we use the ping command to check whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.176. ...

January 7, 2023 · 6 min

My first post

Introduction: This blog covers topics related to computer security and general computing, drawing on experience and knowledge acquired over time. On computer security, specifically offensive security, it will cover topics related to the preparation of technical articles, creation of tools, resolution of Hack The Box machines, software and hardware hacking, and reverse engineering. Offensive security refers to the process of identifying and exploiting vulnerabilities in computer systems with the aim of improving their security. This involves legal and ethical activities, such as participating in learning platforms like Hack The Box, where these skills can be practiced in safe environments. ...

January 1, 2023 · 1 min

Hack The Box: Squashed

Description: Squashed is an easy Hack The Box machine that features: an NFS share that allows uploading files to a web server, allowing Remote Command Execution; an NFS share that allows reading the X11 authentication cookie of another user; privilege escalation using a credential leaked in a screenshot from an X11 display. Footprinting: First, we use the ping command to check whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.191. ...

November 10, 2022 · 6 min