Trick - Hack The Box
Trick is an easy-rated Linux machine from Hack The Box. For it’s rating it feel like this is a true ‘try harder’-type of box where you have to enumerate everything thoroughly before moving on. However once you’re set on the right path, the path is really straight forward and easy to understand. For me this wasn’t the most enjoyable box, almost a bit annoying even, but I learned something in the end nevertheless.
OpenSource is an easy-rated Linux machine from Hack The Box. As the name suggests we’re met with an OpenSource project that have over shared, in making them vulnerable to code execution. The path to user is quiet unique and it alone makes this box very enjoyable! As a total git-noob I learned a lot through this box, and I can see why it would be rated as easy if you know your way around git, but for me I would rate this as medium.
Noter is an medium-rated machine from Hack The Box. Even though it’s medium rating I found this box to be very straight forward with little to none rabbit holes, and thus I would rate it as easy. Doing this box I found a new tool in regards to JWT, and learned about certain MySQL functions.
Late is an easy-rated Linux machine from Hack The Box. In this box we’re met with one of my favorite exploit techniques - Server Side Template Injection (SSTI). The path from user to root is unique and embarrassingly enough something I’ve never encountered before. The box was good fun and I most certainly learned something useful that I will take with me to further tests.
Timelapse is an easy-rated Windows machine from Hack The Box. The box is quiet realistic where you work your way to the initial foothold starting with some locked files on a open share. I struggled a bit on what to do with found certificates, but once figured out it was smooth sailing to Administrator. This wasn’t the most enjoyable box I’ve done, neither was it particularly bad.
RouterSpace is an easy-rated Linux machine from Hack The Box. It is very different from other boxes as we’re tasked with compromizing a router apk-file. Personally I found the hardest part to be finding the tools needed for the job. Once everything was setup properly the path from foothold to user to root took about 20 minutes. Looking back I learned a lot from this machine, and it was quite fun to own. Would recommend!
Paper is an easy-rated Linux machine from Hack The Box, themed around the TV Show ‘The Office’. In true ´The Office’ fashion we are met with Michaels incompetence and Dwights crazy ideas, compromizing the company security and giving us a foothold to Dwights Recyclops-server. I found the box to be very simple and straight forward, they path to user was very enjoyable and root had a fun little quirk. I warmly recommend this box! :)
Pandora is an easy-rated Linux machine from Hack The Box. On this machine we’re forced to think outside of the box, or even inside to be precise. We get a foothold almost instantly and from there need to enumerate the local services and use tunneling to exploit them, which I find unique for an easy-rated machine. The $PATH to root has a nice little quirk that took me off guard, and in the end forced me to learn something valuable that I’ll take with me for future assessments. Was it fun though? Yes and no, it was decent and will keep you busy for a few hours.
Hancliffe is an hard-rated Windows machine from Hack The Box, and holy fuck is it hard! This is definitely one of the most challenging machines I’ve done, if not THE most challenging, and also most fun. There’s a lot going on here, SSTI, Parser Logic, Firefox Profiles but in the end it’s the reversing and binary exploitation parts that shine. I encountered my first ghidra disasembly error throwing me off guard for literally days. I’ve learned a lot throughout this machine and this is one of my most thorough writeups, so I hope it helps and that you learn aswell! :)
Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.