· Pablo Plaza Martínez · writeups  · 1 min read

WriteUp - Valentine (HackTheBox)

Valentine write-up (HackTheBox): classic Linux machine that exploits Heartbleed (CVE-2014-0160) to extract Apache's RSA private key, then uses the key to connect via SSH and escalate to root with a vulnerable binary.

Today we bring a new writeup of Hackthebox. This time it’s Valentine

Valentine

Created by mrb3n Write-up By Ghostpp7
Ghostpp7-Valentine.pdf

This box it’snt even retired so this WriteUp will only be available for those who have root flag. At the time it is retired, the public writeup will be published.

Share:
Back to Blog

Related Posts

View All Posts »

WriteUp - Valentine (HackTheBox)

Write-up de Valentine (HackTheBox): máquina Linux clásica que explota Heartbleed (CVE-2014-0160) para extraer clave privada RSA de Apache, y luego usa la clave para conectarse por SSH y escalar a root con un binario vulnerable.

WriteUp - Canape (HackTheBox)

WriteUp - Canape (HackTheBox)

Canape write-up (HackTheBox). Intermediate Linux machine that exploits an insecure pickle deserialisation in Flask + CouchDB. Includes RCE via pickle payload, CouchDB enumeration, and escalation to root by abusing sudo pip install.

WriteUp - Canape (HackTheBox)

WriteUp - Canape (HackTheBox)

Write-up de Canape (HackTheBox). Máquina Linux intermedia que explota una deserialización insegura de pickle en Flask + CouchDB. Incluye RCE vía payload pickle, enumeración de CouchDB y escalada a root abusando de sudo pip install.

WriteUp - Celestial (HackTheBox)

WriteUp - Celestial (HackTheBox)

Write-up of Celestial (HackTheBox). Low-level Linux machine that exploits an insecure cookie deserialisation in Node.js (CVE-2017-16137) to obtain RCE, then escalates to root by abusing a cron job that executes an editable script.