Category: Offensive Security

HackTheBox: DevOops
By oR10n (CTF, Offensive Security)
Hello everyone! In this post, we will be doing a retired box called DevOops. The name of the box is kinda silly and is a big hint about what we should look for while doing the box: blunders by dev guys. Now in reality, we can have so many security devices and so many security

HackTheBox: Sunday
By oR10n (CTF, Offensive Security)
Hello everyone! In this post, we will be doing a retired box known as Sunday. This particular box is one of the beginner-friendly ones and I highly suggest that you do it if you're a beginner in HTB.

HackTheBox: Olympus
By oR10n (CTF, Offensive Security)
Hello everyone! In this post, we're gonna be doing the retired box Olympus. This one kinda has a CTFy feel to it but is nonetheless still enjoyable and relevant. The initial vector seems to be a bit flaky depending on where you are located in the world, but other than that, the box really is great.

HackTheBox: Canape
By oR10n (CTF, Offensive Security)
Hello everyone! In this post we will be doing the newly retired box Canape. I find this box very interesting as it teaches individuals techniques on how to exploit vulnerabilities in cPickle, CouchDB, and pip. I've never used cPickle or CouchDB before so this was a huge learning experience for me. Let's begin.

HackTheBox: Poison
By oR10n (CTF, Offensive Security)
Hello everyone! In this post, we will be doing the newly retired box Poison. This particular box is very interesting as it features a technique that is very useful when it comes to gaining an initial foothold on a machine. Meanwhile, the privilege escalation part is a bit easy when you're familiar with password file

HackTheBox: Stratosphere
By oR10n (CTF, Offensive Security)
Hello everyone! In this post, we will tackle the newly retired box from HTB known as Stratosphere. Stratosphere is a fairly straightforward and interesting box due to the fact that the initial vulnerability we'll exploit is related to the Equifax breach in 2017. Moreover, getting root is interesting as well since we'll be exploiting a

HackTheBox: Celestial
By oR10n (CTF, Offensive Security)
Hello everyone! In this post, we will work on the newly retired box Celestial. This machine is one of the easier machines out there but we can still learn new things from it. For instance, this is the first time that I learned about and exploited a Node.js deserialization vulnerability. Let's get to it!

HackTheBox: Silo
By oR10n (CTF, Offensive Security)
Hello everyone! This time, we'll work on the newly retired box Silo. This box is really interesting as it teaches individuals techniques to exploit an Oracle database in order to gain an initial foothold. The privilege escalation part is somewhat unique as it integrates the need for memory forensics in order to escalate our privileges in

HackTheBox: Valentine
By oR10n (CTF, Offensive Security)
Hello everyone. In this post, I will walk you through my methodology for rooting a box known as "Valentine". This is a Valentine's special box and is quite fun to do. The initial access can be a bit tricky depending on your knowledge but the privilege escalation part is fairly straightforward.

HackTheBox: Jeeves
By oR10n (CTF, Offensive Security)
Hello everyone. In this post, I'll be discussing my methodology for rooting a box known as Jeeves. This is a fun box that will teach you how to exploit Jenkins servers with no passwords, some techniques on how to transfer files to a Windows box, how to crack KeePass database files, how to perform