RGROSEC
open-menu closeme
Home
About
github linkedin

  • Hack The Box - Timelapse Walkthrough

    calendar Aug 21, 2022 · 6 min read · Hack the Box Windows  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Timelapse Walkthrough

    Welcome back! Today we are going to solve the Timelapse machine from Hack The Box. Timelapse is an easy box which focuses on accesible SMB shares and a lot of hash cracking to get the initial foothold. We then find configuration files that allow us to login to the system as the administrator user. Foothold Let's start …


    Read More

  • Hack The Box - Undetected Walkthrough

    calendar Jul 19, 2022 · 16 min read · Hack the Box Linux  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Undetected Walkthrough

    Today we will be taking a look at the medium box "Undetected" from Hack The Box. The foothold for the box can be found through a vulnerable php script in a directory that should not be world accessible. The script allows for remote code execution onto the box as the www-data user. We then escalate to user by …


    Read More

  • Hack The Box - Meta Walkthrough

    calendar Jun 12, 2022 · 14 min read · Hack the Box Linux  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Meta Walkthrough

    Welcome to my Hack The Box walkthrough for the "Meta" box. The box is considered to be of medium difficulty. Meta requires you to perform DNS virtual host enumeration, identify the inner workings of an image upload functionality, and exploit this to get a foothold. We then find a vulnerable version of …


    Read More

  • Hack The Box - Timing Walkthrough

    calendar Jun 4, 2022 · 11 min read · Hack the Box Linux  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Timing Walkthrough

    Today we will be taking a look at Timing from Hack the Box. Timing is considered to be of medium difficulty, and requires the usage of a local file inclusion to eventually find credentials for the box. We then find an application that we can run with sudo permissions, and misuse it to gain root access. Foothold Let's …


    Read More

  • Hack The Box - Unicode Walkthrough

    calendar May 7, 2022 · 7 min read · Hack the Box Linux  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Unicode Walkthrough

    Hello everyone, today we are going to take a look at Unicode from Hack The Box. Unicode is a medium box that involves JWT manipulation, local file inclusion and a custom made application that can be used to access the root flag. Foothold As usual, we start off with an nmap scan to enumerate all ports, services and …


    Read More

  • Hack The Box - Shibboleth Walkthrough

    calendar Mar 31, 2022 · 7 min read · Hack the Box Linux  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Shibboleth Walkthrough

    Today we will be taking a look at "Shibboleth" from Hack the Box. To get get a foothold onto the box we first exploit the vulnerable-by-design IPMI protocol to obtain an administrator hash for Zabbix, and crack it. Through Zabbix we can execute local commands and obtain a shell. We can then use a recent …


    Read More

  • Hack The Box - Backdoor Walkthrough

    calendar Mar 29, 2022 · 3 min read · Hack the Box Linux  ·
    Share on: twitter facebook linkedin copy
    Hack The Box - Backdoor Walkthrough

    Welcome to my walkthrough for the "Backdoor" machine from Hack The Box. Backdoor is considered to be an easy box. We get a foothold onto the box through the exploitation of a vulnerable web service running at an unusual port. We can then escalate privileges through a screen session that was still open, which …


    Read More

Featured Posts

  • Linux Detection Engineering - The Grand Finale on Linux Persistence Mechanisms
  • Linux Detection Engineering - Approaching the Summit on Persistence Mechanisms
  • Linux Detection Engineering - A Continuation on Persistence Mechanisms
  • Declawing PUMAKIT
  • Securing the edge: Harnessing Falco's power with Elastic Security for cloud workload protection
  • Cups Overflow: When your printer spills more than Ink
  • Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse
  • Linux Detection Engineering - A sequel on persistence mechanisms

Recent Posts

  • Linux Detection Engineering - The Grand Finale on Linux Persistence Mechanisms
  • Linux Detection Engineering - Approaching the Summit on Persistence Mechanisms
  • Linux Detection Engineering - A Continuation on Persistence Mechanisms
  • Declawing PUMAKIT
  • Securing the edge: Harnessing Falco's power with Elastic Security for cloud workload protection
  • Cups Overflow: When your printer spills more than Ink
  • Betting on Bots: Investigating Linux malware, crypto mining, and gambling API abuse
  • Linux Detection Engineering - A sequel on persistence mechanisms

Categories

ELASTIC 11 DETECTION-ENGINEERING 8 WALKTHROUGHS 7 LINUX 5 PERSISTENCE 5 WEB-APPLICATION-HACKING 4 MALWARE-ANALYSIS 3 BINARY-EXPLOITATION 2 PRIVILEGE-ESCALATION 2 CVE 1

Tags

LINUX 18 ELASTIC 11 DETECTION-ENGINEERING 8 HACK-THE-BOX 7 HUNTING 5 PERSISTENCE 5 OWASP 4 WEBAPP 4 WINDOWS 4 MALWARE-ANALYSIS 3 BUFFER-OVERFLOW 2 PRIVILEGE-ESCALATION 2 AUDITD 1 CVE 1
RGROSEC

Copyright  RGROSEC. All Rights Reserved

to-top