HTB Bitlab machine walkthrough. A fun little box that has us work through GitLab-based exploitation. From erroneously stored user credentials, to uploading and merging our own files to the project, to finally exploiting hooks to execute our own code as root, this box was a good overview of various GitLab functionality.
Hack the Box - Bitlab
Hack the Box - Craft
HTB Craft machine walkthrough. A well-designed moderate box from HTB that exemplified bad coding practice, sensitive data disclosures and token abuse leading to root.
Hack the Box - Wall
HTB Wall machine walkthrough. An easy Linux machine from HTB that focused on an RCE WAF bypass to establish an initial foothold, then a direct pivot to root using a vulnerable SUID binary.
Hack the Box - Heist
HTB Heist machine walkthrough. Credential harvesting and spraying, dumping a running process to capture further credentials and a final credential spray to get Administrator access.
Hack the Box - Chainsaw
HTB Chainsaw machine walkthrough. Anonymous FTP connections, smart contract abuse, InterPlanetary File System and cracked password-protected SSH private keys for the user pivot. A loosely defined SUID file and PATH hijacking for a root shell, then finally leveraging root.txt's slack space to get the final flag.
Hack the Box - Networked
HTB Networked machine walkthrough. Generally discussed as the easiest of the active boxes at time of retirement; there is nothing particularly complex with getting to root.