Undisclosed posts waiting to be released

Extension - Hack The Box

Extensionis a hard-rated Linux machine from Hack The Box. This is a very interesting machine that’s beautifully made, the attack surface is slim and there are a lot of rabbit holes to waste time on. Looking back on each vulnerability they all seem easy, but finding them all took a lot of time and effort - I think I spent around 25 hours in total on this box. Even though it took a lot of time, I really enjoyed it - especially the XSS part as it showcases the real dangers of XSS. I did learn a lot from this machine and I deeply recommend it to anyone!

UpDown - Hack The Box

UpDown is a medium-rated Linux machine from Hack The Box. Just as it’s name this box has it’s Ups and Downs. The path to foothold was very fun and fairly easy solved using python, I took my time to write a script to streamline the attack chain. However once on the box, both privilege escalation vectors from www-data to user, and user to root, was very underwhelming and solved in under 10 minutes total. For me this was an easy medium box, and I did enjoy most of it. I learned a few new things and but mostly deepened my knowledge about PHP.

Vessel - Hack The Box

Vessel is a hard-rated Linux machine from Hack The Box. I really really liked this box, it was straight to the point and not any real rabbit holes. The path to both user and root was easily identified, however getting there took a lot of research and some time spent bashing the head on the keyboard. There are scripting parts needed to complete this box, something that I am not very good at, but it was simple enough for even me to enjoy it. I was introduced to a few new tools and techniques, and learned a lot. This is an amazing box, I would recommend it to anyone that enjoys scripting or would like to learn.