My HackTheBox Time writeup (Jackson rce --> Weak permissions)

dirfuzz --> backup --> gpg --> creds --> ftp --> pw reuse --> nfs

A box featuring java deserialization multiple CVE's and a docker privesc

A box about pcap analysis and a SUID binary

A box about getting an RCE via LFI and Log Poisoning. Then abusing a cronjob that used a file with weak permissions. And then analysing a suid binary which used relative paths instead of absolute paths which made it vulnerable to path injection.

A box about user enumeration(I did it with the hint fuctionality), brute forcing and abusing a well-known sudo cve (pwfeedback bof)

Subdomain enum --> smtp --> phishing --> creds --> imap --> more creds --> ftp(upload a revshell) --> pypi privesc --> user.txt --> gtfobins --> root.txt

Rooting Blunder

My writeup for a hard linux box.

Traceback was a very enjoyable box. I used a little OSINT in the first part after I got in I used only manual enumeration techinques in order to get to the root user.