Sense, an easy Linux machine, makes use of a vulnerable firewall. Enumeration of the machine reveals vulnerable portions of the firewall's interface, dropping us directly into a root shell.
Shocker | Write-Up
Shocker, an Easy-rated machine, is a very straight forward machine. As the name may hint, it is vulnerable to Shellshock, a vulnerability within CGI scripts to execute Bash commands. Privilege escalation is also straight forward by executing binaries with root permissions.
Sunday | Write-Up
Sunday, an Easy-rated machine, is one of my least favorite machines on Hack the Box. A foothold is found by brute forcing SSH and privilege escalation comes from racing against a cron job to execute a binary.
Traceback | Write-Up
Traceback is an Easy-rated machine from Hack the Box. Initial enumeration shows a webpage has been defaced by hackers, leaving us to piece together how they got in and potentially find doors left open. Initial enumeration in nmap reveals only SSH and HTTP open, forcing us to explore the website.
Magic | Write-Up
Magic, a Medium-rated machine, features an upload console hidden behind 302 HTTP redirect responses. Once on the machine, privilege escalation takes advantage of binaries running without a full system paths that can be manipulated to run from an updated $PATH environment.