Latest CTF Writeups
HTB - Usage
Usage was an easy linux box, the foothold was from a web server suffering from one of OWASP's top 10. The root flag was rather easy, it only required some basic beginner lever reversing.
HTB - bastard
Bastard had an interesting article written on the vulnerability that allowed us to get the initial foothold. Manual exploitation would've been better, but reading all about it was almost as equally informative. Root flag was pretty straightforward.
HTB - BountyHunter
BountyHunter was a good machine to practice one of OWASP's Top 10 web security risks to get a foothold. The root flag required some code analysis which was also interesting.
HTB - Toolbox
Toolbox was a good machine to practice using automated tools to exploit one of the most popular web vulnerabilities, spotting containers, and finding your way around to breakout of them.
HTB - Headless
Getting a foothold on Headless was a bit of a challenge for me, it required manipulating something that i wasn't aware could be manipulated, The Root Flag was pretty straighforward.
HTB - sauna
Sauna for me was a good introduction to attacks related to Active Directory, i also learned about some new tools for enumerating and exploiting vulnerabilities in AD.
HTB - Buff
Buff was a good machine to practice a different method of file transfer, i also discovered a new tool to redirect ports without credentials.
HTB - perfection
Getting a foothold on perfection wasn't cake, but eventually trying all existing methods i could get foothold. Escalating privileges made me re-visit the documentation for some interesting modes in very popular tool.
HTB - netmon
Netmon was a good machine to learn how to enumerate and thoroughly search for weaknesses in the services' versions, and once the vulnerability is identified, finding an existing exploit for it.
HTB - Optimum
Optimum was a nice box to learn the basic scripts that exist than enumerate vulnerabilities in a windows machine, how to transfer files to it and execute them.
HTB - legacy
Legacy was a rather simple machine, i learned that you have to use one of the many scripts and tools that exist to enumerate vulnerabilities in the services running in the machine instead of exploring every links you find googling the services's versions.
HTB - jerry
Jerry was a for me good introduction to MetaSploit Framework, Even though there are other means (manually) to exploit the vulnerabilities in this machine, i chose to do it using MSF to get used to this tool.
HTB - monitored
Monitored taught me some things about one of the most famous services in an IT infrastructure. Recon and enumeration were not all that obvious too, and reading the documentation to find ways and turnarounds to exploit vulnerabilities in the services was a good exercice too.
HTB - keeper
Keeper was a pretty straightforward box, addressed a recent vulnerability in a very popular tool, And showed how cleaning up after your tickets is important.