Tag: Privilege Escalation
-
Curling – HackTheBox
Curling is an easy machine that required directory busting a web page to find a secret key to access a Joomla CMS admin panel. This allowed for code execution which led to our initial shell. From there we moved laterally by finding a hex dump, decoding it, and discovering a password. To achieve root access,…
-
Bolt – HackTheBox
Bolt is a Medium level machine on HTB that was recently retired. Nmap scan: Enumeration: Port 80 – HTTP There’s a pretty basic website with not many obvious paths, but I was able to download a copy of the docker file that is presumably being used to run the webserver, so saving that for now,…
-
Driver – HackTheBox
Started by running my standard nmap scan: So there’s an SMB server running and a web server. I couldn’t access the SMB server so I checked out the site and ran a gobuster scan in the meantime. I am presented with a login screen, so I go back to look at my nmap scan and…
-
LFI – TryHackMe
Link to the THM room I ignored scanning on this machine because I knew we were in the LFI room. If the IP had not returned a valid site though, I would have run a scan to determine the port where the web server was running. Once the IP was up, I checked out the…
A Cyber Journey 