Ethernaut | Fallout

This blog is intended to uncover level 2, Fallout, showcasing how a developer typo can have a huge impact. The typo affected the constructor function and changed the function's visibility to public. The challenge focuses on a Solidity constructor and is easier than the Fallback challenge. Solidity Functions Like any other programming language, Solidity functions are self-contained modules of code that accomplish a specific task. Visibility Internal functions can only be called inside the current contract....

Ethernaut | Fallback

The Ethernaut is a Web3/Solidity-based wargame inspired by overthewire.org, played in the Ethereum Virtual Machine. Each level is a smart contract that needs to be ‘hacked’. At the time of writing this post, 27 levels are active in the Ethernaut. This blog is intended to uncover level 1, Fallback. To clear this level, the attacker has to exploit a poorly implemented fallback function and gain control of another smart contract....

HTB | Breadcrumbs

Breadcrumbs was a hard box with crumbs to connect. This box had an LFI, source code review, and upload bypass for user shell. The upload bypass was easy as pie, but the road had miles to go. The root privilege escalation was tricky to achieve. As always, an Nmap scan was done, and it responded with lots of open ports. Nmap scan report for 10.10.10.228 Host is up (0.19s latency). Not shown: 987 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH for_Windows_7....

HTB | Ophiuchi

Ophiuchi has no connection with the constellation Ophiuchus; it was a medium box with a YAML parser. It shared similarities with the machine Time in terms of the exploitation to provide the initial shell and raced to root via WebAssembly. The root section was an irksome task dealing with the compiling. The first enumeration is always an Nmap scan, and it identified two accessible ports. Nmap scan report for 10.10.10.227 Host is up (0....

HTB | Spectra

Spectra was an easygoing box that joined the dots along the way, but it can be ranked as a medium box in terms of the process involved. The box had an accessible MySQL port, which is not commonly seen on Hack The Box. Initial shell was achieved using WordPress shell upload. The privilege escalation was done via initctl, which had sudo privileges. The Nmap scan gave three ports, of which the MySQL port stood out as unique....