Breadcrumbs
RLotto
Are you ready to win lottery? Guess the Random Lotto Numbers. It’s TIME you become a millionaire.
Monitor
Spritz javaScript SDK version 1.2.2
Cacti SQLi vuln
Cap
kali@kali:~/0.htb/machines/Cap$ ls /usr/sbin/*cap -l
-rwxr-xr-x 1 root root 14488 Oct 14 2020 /usr/sbin/getcap
-rwxr-xr-x 1 root root 14488 Oct 14 2020 /usr/sbin/setcap
Cereal
Cereal:gitTools
BabyEncryption
You are after an organised crime group which is responsible for the illegal weapon market in your country. As a secret agent, you have infiltrated the group enough to be included in meetings with clients. During the last negotiation, you found one of the confidential messages for the customer. It contains crucial information about the delivery. Do you think you can decrypt it?
Knife
knife: PHP 8.1.0-dev exploit
PersistenceIsFutile
Hackers made it onto one of our production servers 😅. We’ve isolated it from the internet until we can clean the machine up. The IR team reported eight difference backdoors on the server, but didn’t say what they were and we can’t get in touch with them. We need to get this server back into prod ASAP – we’re losing money every second it’s down. Please find the eight backdoors (both remote access and privilege escalation) and remove them. Once you’re done, run /root/solveme as root to check. You have SSH access and sudo rights to the box with the connections details attached below.
username: user
password: hackthebox
Time
jackson-databind exploitation
https://github.com/FasterXML/jackson-databind
Pit
https://cockpit-project.org/
seeddms document management system
snmp