0xPThree

Pentester, HTB enjoyer
0-day contributor

Recent Posts

RedPanda - Hack The Box

RedPanda is a very cute easy-rated Linux machine from Hack The Box. I can see why it’s rated as easy, but for someone with limited Java experience I found it a bit rough on the root part. But as long as you take it nice and easy, and really make sure to have all your ducks in a row, you will root it without too much headache. Personally I found this box to be quite fun with the short stories about the different red pandas. The box is short box and straight to the point which I also enjoy. In the end I didn’t learn anything new, but I definitely refined my code review skills in Java.

StreamIO - Hack The Box

StreamIO is an medium-rated Windows machine from HackTheBox. For me this box was quite slow to start where I had to put a lot of time and energy into fuzzing and manually exploiting SQLi, but once I gained a foothold it was really fun and straight forward. In the end I’ve gained a deeper understanding of Active Directory and it’s ACLs, as well as never to trust sqlmap doing even the easiest of tasks. Yet again BloodyAD proves it’s worth as an amazing Active Directory Privilege Escalation tool.

Support - Hack The Box

Support is an easy-rated Windows machine from HackTheBox. Although it’s easy rating we’ll touch on two major areas - Active Directory and Binary Exploitation/Analysis, making it an very fun and interesing box. Personally I think the box is more towards medium rating rather than easy, but this probably rooted in my incompetence of Windows Active Directory. Throughout the box we’ll see tools such as dnSpy, BloodHound, bloodyAD, impacket and more.

Trick - Hack The Box

Trick is an easy-rated Linux machine from Hack The Box. For it’s rating it feel like this is a true ‘try harder’-type of box where you have to enumerate everything thoroughly before moving on. However once you’re set on the right path, the path is really straight forward and easy to understand. For me this wasn’t the most enjoyable box, almost a bit annoying even, but I learned something in the end nevertheless.

OpenSource - Hack The Box

OpenSource is an easy-rated Linux machine from Hack The Box. As the name suggests we’re met with an OpenSource project that have over shared, in making them vulnerable to code execution. The path to user is quiet unique and it alone makes this box very enjoyable! As a total git-noob I learned a lot through this box, and I can see why it would be rated as easy if you know your way around git, but for me I would rate this as medium.

Noter - Hack The Box

Noter is an medium-rated machine from Hack The Box. Even though it’s medium rating I found this box to be very straight forward with little to none rabbit holes, and thus I would rate it as easy. Doing this box I found a new tool in regards to JWT, and learned about certain MySQL functions.

Late - Hack The Box

Late is an easy-rated Linux machine from Hack The Box. In this box we’re met with one of my favorite exploit techniques - Server Side Template Injection (SSTI). The path from user to root is unique and embarrassingly enough something I’ve never encountered before. The box was good fun and I most certainly learned something useful that I will take with me to further tests.

Timelapse - Hack The Box

Timelapse is an easy-rated Windows machine from Hack The Box. The box is quiet realistic where you work your way to the initial foothold starting with some locked files on a open share. I struggled a bit on what to do with found certificates, but once figured out it was smooth sailing to Administrator. This wasn’t the most enjoyable box I’ve done, neither was it particularly bad.

Routerspace - Hack The Box

RouterSpace is an easy-rated Linux machine from Hack The Box. It is very different from other boxes as we’re tasked with compromizing a router apk-file. Personally I found the hardest part to be finding the tools needed for the job. Once everything was setup properly the path from foothold to user to root took about 20 minutes. Looking back I learned a lot from this machine, and it was quite fun to own. Would recommend!

Paper - Hack The Box

Paper is an easy-rated Linux machine from Hack The Box, themed around the TV Show ‘The Office’. In true ´The Office’ fashion we are met with Michaels incompetence and Dwights crazy ideas, compromizing the company security and giving us a foothold to Dwights Recyclops-server. I found the box to be very simple and straight forward, they path to user was very enjoyable and root had a fun little quirk. I warmly recommend this box! :)