Booj thoughts on security

HackTheBox - Nightmare

This machine was a worthy successor to Calamity. Whilst it didn’t test you to the same level with exploit development, it does require the tester to read what their exploits are doing, modify them for custom environments and understand the process at all steps. This is an invaluable skill that I’m glad the harder boxes test, as downloading an ... Read more

Pinky's Palace v3 Writeup

A rather different one from the usual, as in this writeup I’ll be tackling Pinky’s Palace v3 by @Pink_Panther. This is probably at around the Intermediate/Hard level, and it teaches some very important things about the way in which you approach your enumeration methodology (one which caught me out for a couple of days and required a nudge to mo... Read more

HackTheBox - Ariekei

Unbelievable! Some idiot disabled his firewall, meaning all the computers on floor Seven are teeming with viruses, plus I’ve just had to walk all the way down the motherfudging stairs, because the lifts are broken again! Here we’re going to dig deep into Ariekei, the winding maze of containers, WAF’s and web servers from HackTheBox. Enu... Read more

HackTheBox - Minion Error Code Exfiltration

This is a writeup of an alternative technique for Minion, which involves exfiltrating data via error codes. All credits for this technique go to @m0noc who actually made this work and used it to pwn Minion. The Situation In Minion we had command execution which returned the exit code of the command called. 0 for success and 1 for failure. In re... Read more

HackTheBox - Node

This writeup describes exploitation of the node machine on HackTheBox. Many thanks to @rastating for a fantastic box and @Geluchat for helping me craft the final buffer overflow. Chapters: Enumeration Privilege Escalation - Tom Privilege Escalation - Root Binary Analysis Arbitrary File Disclosure Command Executi... Read more