hackthebox

#theme-toggle, .top-link { display: none; } @media (prefers-color-scheme: dark) { :root { --theme: #1d1e20; --entry: #2e2e33; --primary: rgba(255, 255, 255, 0.84); --secondary: rgba(255, 255, 255, 0.56); --tertiary: rgba(255, 255, 255, 0.16); --content: rgba(255, 255, 255, 0.74); --hljs-bg: #2e2e33; --code-bg: #37383e; --border: #333; } .list { background: var(--theme); } .list:not(.dark)::-webkit-scrollbar-track { background: 0 0; } .list:not(.dark)::-webkit-scrollbar-thumb { border-color: var(--theme); } }

PicoCTF Web Exploitation Challenges

dont-use-client-side The website prompts us with a “Secure Logon” that has to be verified with valid credentials in order to proceed. If we take a look at the source code, we can see how the verify function works. function verify() { checkpass = document.getElementById("pass").value; split = 4; if (checkpass.substring(0, split) == 'pico') { if (checkpass.substring(split*6, split*7) == '723c') { if (checkpass.substring(split, split*2) == 'CTF{') { if (checkpass....

HackTheBox 'Delivery' Writeup

OS: Linux Difficulty: Easy Points: 10 The nmap scan shows an open SSH and HTTP port. On the corresponding website we can find a Helpdesk Application and a Mattermost. To actually access the helpdesk.delivery.htb server, the IP and servername has to be added to /etc/host on the local machine. Mattermost can be accessed over the URL http://:8065. Go to the support center and “Open a new Ticket”, upon submit you get an E-Mail Address associated with your ticket 7493836@delivery....

HackTheBox 'Ready' Writeup

OS: Linux Difficulty: Medium Points: 30 Release: 12 Dec 2020 Initial Access Nmap shows an open ssh and onscreen port. With the Onscreenport :5080 a website hosting Gitlab can be accessed. A short google search reveals a fitting CVE, https://www.exploit-db.com/exploits/49257. Download the code, register a user, gather the necessary data and run the script to get a shell with the git user. To get a prettier shell, run...