Bashed, an easy Linux box, has an easy foothold path that includes a built-in web shell followed by manipulating a file that is executed as root periodically on the machine.
HTB
A collection of 8 posts
Lame | Write-Up
Lame, an Easy-rated machine, takes advantage of outdated software for an easy exploit to root vulnerability.
Nineveh | Write-Up
Nineveh, a medium-rated machine from Hack the Box that takes advantage of different web servers susceptible to brute force attacks. Using both to interact with each other, we can exploit LFI to gain a foothold, followed by exploiting a binary running as root for privilege escalation.
Sense | Write-Up
Sense, an easy Linux machine, makes use of a vulnerable firewall. Enumeration of the machine reveals vulnerable portions of the firewall's interface, dropping us directly into a root shell.
Shocker | Write-Up
Shocker, an Easy-rated machine, is a very straight forward machine. As the name may hint, it is vulnerable to Shellshock, a vulnerability within CGI scripts to execute Bash commands. Privilege escalation is also straight forward by executing binaries with root permissions.