BoardLight from HackTheBox

This box involves exploiting Dolibarr 17.0.0 for remote code execution (RCE) as an authenticated user, gaining access as the www-data user. By understanding the exploit and examining the configuration files, credentials can be found to escalate privileges to user. Additionally, the system is vulnerable to CVE-2022-37706, which allows…

One click root | Runner from HackTheBox

The journey begins by using a custom word list to find a subdomain running TeamCity 2023.05.03, which is vulnerable to CVE-2023-42793. This vulnerability allows the creation of a privileged user without authentication. Next, a backup containing a private key is found, providing the first SSH access as a…

MonitorsTwo from HackTheBox

Box overview MonitorsTwo is an easy box created by kavigihan combining the exploitation of Cacti (CVE-2022-46169) as entry point then privilege escalation by exploiting the CVE-2021-41091. Initial foothold Add the IP to the hosts file Firstly, I will update the hosts file entry with the box hostname and its IP.…

DNS Shield for ads blocking and malwares

DnsShield is a powerful and user-friendly script designed to automate the updating process of blocklists for Dnsmasq. With DnsShield, you can effortlessly maintain an up-to-date and comprehensive blocklist, enhancing security and privacy by blocking access to malicious or unwanted domains.…