hack-the-box
Card image cap
Archetype

This was a good box to get back in the swing of things, it gave me a good challenge, and reminded me of how difficult it can be to google for Windows enum tools. Besides that, it was a good reminder of how to interact with SMB and showed me a new place to look for user command history in Windows.

Card image cap
Magic

This box was really cool for a few reasons. First off we bypass authentication using one of the OWASP Top 10, then continue to upload a reverse shell by tricking the web server into believing we are uploading a .

Card image cap
Remote

Remote was a very cool windows box that required us to discover a vulnerability in their CMS, after discovering an exposed file system that contained a backup. Once on the machine we can find out that there are some misconfigured privileges.

Card image cap
Traceback

This machine was challenging, but I learned a lot. I learned how to make “smarter” shells and how to upload the pspy script to a remote server. I wonder if I could have completed this machine without adding my public ssh key, because at the moment it is very identifiable.

Card image cap
Admirer

This was one of the first boxes I completed and it was difficult. It took me the longest time to enumerate the directories and finally find what I was looking for. Overall, I learned more about using my resources and double checking where I had thought I already looked.

Card image cap
Fuzzy

Fuzzy challenged the user on the basics of fuzzing and taught me how to use wfuzz and other techniques to learn information about my target machine. I suggest anyone who would like to learn about fuzzing take on this challenge.