Posts
0xPrashant Blog
Cancel

Hackthebox Forwardslash writeup

Preview Image

Finding a new subdomain and a tricky lfi using php Wrapper and getting a users creds , Abusing a suid that is somehow linked to another file . Got user and analyzing a python script and getting pas...

Hackthebox Cascade writeup

Preview Image

This Box is currently in hackthbox active category , You can access the writeup only if you have the Administrator user ntlm in md5 format. For More information Go to http://0xprashant.github.io/p...

Hackthebox Sniper writeup

Preview Image

Identifying the RFI and exploiting it by executing our script using smb service and getting credentials of chris,Running command as chris and getting a Shell as chris.Best part of the machine to cr...

Hackthebox Remote writeup

Preview Image

Mounting the NFS and got a sfd file which contains a hash and cracking it with john and logged in to umbraco and after searching an exploit for it got a RCE and shell as user , abusing service uSoS...

Hackthebox Traceback writeup

Preview Image

This Box is currently in hackthbox active category , You can access the writeup only if you have the root flag of the machine.I cant reveal the box information due to hackthebox rules.Thanks

Hackthebox Oouch writeup

Preview Image

This is relatively an insane box , It revolves around the Oauth2 as feom which we get account linked to qtc (admin) using a SSRF and then a xss in which just gave we have to steal cookies of the us...

Hackthebox Book writeup

Preview Image

This box is currently active,So in order to read its writeup you should have the root hash Goto the following url to access the Writeup http://0xprashant.github.io/private/root.txt

Hackthebox Sauna writeup

Preview Image

Got usernames from the about page , performing a asreproast attack using GetNPusers.py and then cracking the hash with john , after login running winpeas and found autologon creds of svc_loanmgr , ...

Hackthebox Nest writeup

Preview Image

This machine is currently active on hackthebox wait until it gets retired or if you have owned it then you need to get the Administrator NTLM hash or the root password hash from the file /etc/shado...

Hackthebox Json writeup

Preview Image

Json is a medium level machine and its a very interesting machine and straightforward.This machine taught me many new things and i liked the box very much.Thanks to Htb and the creator.