In this post you will find a step by step resolution walkthrough of the Analytics machine on HTB platform 2023.
Analytics is an easy linux machine that targets the exploitation of a vulnerable server monitoring application present via a website and a vulnerable Ubuntu kernel version.
In this post you will find a step by step resolution walkthrough of the Codify machine on HTB platform 2023.
Codify is an easy linux machine that targets the exploitation of a vulnerable nodeJS library to escape a Sandbox environment and gain access to the host machine.
In this post you will find a step by step resolution walkthrough of the Forest machine on HTB platform 2023.
Forest in an easy/medium difficulty Windows Domain Controller (DC), for a domain in which Exchange Server has been installed. The DC allows anonymous LDAP binds, which is used to enumerate domain objects. The password for a service account with Kerberos pre-authentication disabled can be cracked to gain a foothold. The service account is found to be a member of the Account Operators group, which can be used to add users to privileged Exchange groups. The Exchange group membership is leveraged to gain DCSync privileges on the domain and dump the NTLM hashes.
In this post you will find a step by step resolution walkthrough of the Shocker machine on HTB platform 2023.
Shocker is an easy machine that demonstrates the severity of the renowned Shellshock exploit, a vulnerability discovered in 2014 which affected millions of public-facing servers.
In this post you will find a step by step resolution walkthrough of the Networked machine on HTB platform 2023.
Networked is an Easy difficulty Linux box vulnerable to file upload bypass, leading to code execution. Due to improper sanitization, a crontab running as the user can be exploited to achieve command execution. The user has privileges to execute a network configuration script, which can be leveraged to execute commands as root.
