HackTheBox

Writeup for HackTheBox’s Precious machine. # Nmap 7.92 scan initiated Wed Apr 19 09:13:16 2023 as: nmap -sV -sC -A -Pn -p 22,80 -o nmap_ports -vv -Pn 10.

This challenge on the HackTheBox was released recently, the archive attachment contains the following files: toxin: The binary ld-2.27.so and the libc-2.

This challenge was quite good, as someone who never really did egghunting shellcode, this was a good learning experience. So, the binary given s pretty simple, all the protections have been disabled except the PIE but, analysing the workflow, we can see that it reads shellcode and then execute that shellcode.

This box was without a second thought one of the favourite box of mine on HackTheBox so far, since I am more of a pwn and reverse engineering person, this machine was a challenge, an outstanding one which pushed my learning skills more further because upto the moment I really went into this, I was not a good at heap exploitation, more skeptical about the V8 exploitation skills of mine and of course I knew nothing of the kernel pwn, so this was a way to tackle every weakness of mine, hope you find the writeup useful, I’ll include the link of the attachments at the very bottom to my files, QEMU enviornment for the kernel pwn and the exploits, without further ado, let’s start.

This is a writeup of a retired Pwn challenge on HackTheBox, although I wanted to do it earlier but couldn’t get time for this writeup, so I will write it here.

Write-up for Bastion from hackthebox.eu Nmap #Starting off with nmap we use nmap -sV -sC -A 10.10.10.134 shows 22, 139, 445, 135 are open.

Today, we are going to pwn Friendzone from Hack The Box. Methodology # Nmap scan of the machine Checking SMB service and HTTP Using dig to get subdomians Uploading PHP reverse shell Callback the reverse shell by exploiting LFI(Local File Inclusion) Getting user flag and SSH credentials Using cronjob to get root flag Nmap #Starting off with the nmap, nmap -sV -sC -A 10.