sudo abuse
-
Pingme Writeup from HackMyVM – Walkthrough
Pingme is a new machine from HackMyVM by a friend rpj7. This machine is actually very nice if you try the intended way to get the shell. There is another vulnerability (dirty pipe) in the machine as well (which is unintended as the author released the machine before the exposure of that vulnerability). That one… Continue reading
-
Blog Writeup from HackMyVM – Walkthrough
“Blog” is an easy machine from HackMyVM by d4t4s3c. If you have done many machines, this is a piece of cake. If you are new, I definitely suggest you do it on your own. The enumeration starts with enumerating the directories and finding a special blog. It has a file upload vulnerability and one can… Continue reading
-
Writeup of University from HackMyVM – Walkthrough
University is an easy machine from the HackMyVM platform. The author of the machine is SML. The machine’s main exploit is insecure file upload leading to remote code execution. The machine is fairly easy. “Writeup of University from HackMyVM – Walkthrough” Link to the machine Step 1: ARP Scan As usual, my enumeration began with… Continue reading
-
Preload – Writeup – HackMyVM – Walkthrough
Preload is an easy machine by my friend avijneyam from the HackMyVM platform. There are only two exploits one need to understand to get to theinitial root of the machine. Also, there are error messages in the web app that help us proceed forward. If you like my writeups, please consider tipping me in Ko-fi.… Continue reading
-
Serve Walkthrough – HackMyVM – Writeup
Serve is an easy machine from the HackMyVM platform by d4t4s3c. It’s a bit tricky to get the foothold but the remaining steps are pretty easy. Lastly, the machine works on VirtualBox. Continue reading
-
Isengard Writeup – HackMyVM – Walkthrough
Isengard is an easy machine from HackMyVM by bit. It works well on VirtualBox. As for the machine, we can get into the machine by using Remote Command Execution. Similarly, for the root part, we have to abuse the sudo permissions. Continue reading
-
Stagiaire – Writeup – HackMyVM – Walkthrough
Welcome to my writeup of a new machine from HackMyVM. Stagiaire is a hard machine by cromiphi. This is a very good machine and is worth trying. Similarly, it works better on VirtualBox. Also, make sure you change the RAM to 1 GB as the author has 3.5 GB by default for this VM. Continue reading
-
Family2 Writeup – HackMyVM – Walkthrough
Family2 is a very easy machine from HackMyVM. This is quite straightforward and no bruteforcing is required on this machine. As for the machine, it works better on VirtualBox but you might want to reduce the RAM allocation for it. Continue reading
-
Confusion – Writeup – HackMyVM – Walkthrough
Confusion is an easy machine by avijneyam from the HackMyVM platform. I like this machine personally. Also, it works quite well on VirtualBox. The exploitation starts with an insecure feature of python2 and a little bit of enumeration inside the machine. However, a better enumeration can save one from these steps. Nevertheless, I will show… Continue reading
-
Method – Writeup – HackMyVM – Walkthrough
Method is an easy machine by avijneyam from the HackMyVM platform. This machine requires a bit of enumeration and understanding of web technology. Once we get the foothold, this is a piece of cake. The machine works quite well on VirtualBox. “Method – Writeup – HackMyVM – Walkthrough” Link to the machine: https://hackmyvm.eu/machines/machine.php?vm=Method Identify the… Continue reading