Cookie Consent by PrivacyPolicies.com
Posts
Padraignix's InfoSec Blog

HTB Craft machine walkthrough. A well designed moderate box from HTB that exemplified bad coding practice, sensitive data disclosures and token abuse into root.

HTB Wall machine walkthrough. An easy Linux machine from HTB that focused on RCE WAF bypass to establish an initial foothold then a direct pivot to root using a vulnerable suid binary.

HTB Heist machine walkthrough. Credential harvesting and spraying, dumping a running process to capture further credentials and a final credential spray to get Administrator access.

HTB Chainsaw machine walkthrough. Anonymous ftp connections, smart contract abuse, InterPlanetary File System and cracked password protected ssh private keys for user pivot. A loosely defined SUID file and PATH hijacking for root shell then finally leveraging root.txt's slack space to get the final flag.

HTB Networked machine walkthrough. Generally discussed as the easiest of the active boxes at time of retirement there is nothing particularly complex with getting to root.

HTB Jarvis machine walkthrough. Jarvis involved a SQL Injection and a web-shell for initial foothold into sudo and filter bypass to User pivot with a final systemctl abuse to pivot into root.