Posts by Niels van Nieuwenburg

How to hack a box - Privilege Escalation

Posted on by  
Niels van Nieuwenburg

Welcome back to the final blog in de series "How to hack a box"! In this blog we’ll cover the basics of Privilege Escalation and see it in practice on the Blocky box from Hack The Box.

Let’s first go through our information which we’ve gathered in the previous step "Enumeration". This is what we’ve written down in our previous step:

  • We have access to user notch

  • A Minecraft server is started on every reboot in a screen session under user notch, which is a Java application

  • User Notch has used sudo before, and might’ve started a MySQL CLI session as root with it

  • A MySQL server is listening on port 3306 on localhost, which is running as user mysql

  • There might be some vulnerabilities in the OS or kernel which we can use

  • We can execute any command as any user with sudo

Continue reading →

How to hack a box - Enumeration

Posted on by  
Niels van Nieuwenburg

Welcome back to the blog series about how to hack a box! In the past few blogs we’ve gone through a few steps which gives you an idea of how you can hack a box. We went from the Introduction, to Exploration, to Gaining Access. In this blog, we’ll cover the basics of Enumeration.

DISCLAIMER: Never attempt to execute one of these steps on a machine where you don’t have explicit permission for from the owner. This is illegal and will get you in trouble.

Continue reading →

How to hack a box - Gaining Access

Posted on by  
Niels van Nieuwenburg

Welcome back to the blog series about how to hack a box! In this third post I’ll guide you through the second step: gaining access.

DISCLAIMER: Never attempt to execute one of these steps on a machine where you don’t have explicit permission for from the owner. This is illegal and will get you in trouble.

Continue reading →

How to hack a box - Exploration

Posted on by  
Niels van Nieuwenburg

Welcome back to the blog series about how to hack a box! In the first blog I gave an introduction into the steps and prerequisites on How to hack a box. In this second post I’ll guide you through the first step, which is exploration. We will execute the steps on an actual box in Hack The Box, called Blocky.

DISCLAIMER: Never attempt to execute one of these steps on a machine where you don’t have explicit permission for from the owner. This is illegal and will get you in trouble.

Continue reading →

How to hack a box - Introduction

Posted on by  
Niels van Nieuwenburg

Welcome to the blog series about how to hack a box! In this first post I’ll guide you through the global steps you can take to hack a box. The steps are universal, so you can use them on any target which you have permission for.

In the next few posts we’ll go through each step in detail and try to hack a box in Hack The Box, called Blocky.

Continue reading →

shadow-left