Skip to content
Back to Blog

writeups · 1 min read

WriteUp - Valentine (HackTheBox)

Valentine write-up (HackTheBox): classic Linux machine that exploits Heartbleed (CVE-2014-0160) to extract Apache's RSA private key, then uses the key to connect via SSH and escalate to root with a vulnerable binary.

· Pablo Plaza Martínez · writeups

Today we bring a new writeup of Hackthebox. This time it’s Valentine

Valentine

Created by mrb3n Write-up By Ghostpp7
Ghostpp7-Valentine.pdf

This box it’snt even retired so this WriteUp will only be available for those who have root flag. At the time it is retired, the public writeup will be published.

Share:
Back to Blog

Related Posts

View All Posts »
WriteUp - Canape (HackTheBox)

writeups · 1 min

WriteUp - Canape (HackTheBox)

Canape write-up (HackTheBox). Intermediate Linux machine that exploits an insecure pickle deserialisation in Flask + CouchDB. Includes RCE via pickle payload, CouchDB enumeration, and escalation to root by abusing sudo pip install.

· Manuel López Pérez

WriteUp - Celestial (HackTheBox)

writeups · 2 min

WriteUp - Celestial (HackTheBox)

Write-up of Celestial (HackTheBox). Low-level Linux machine that exploits an insecure cookie deserialisation in Node.js (CVE-2017-16137) to obtain RCE, then escalates to root by abusing a cron job that executes an editable script.

· Manuel López Pérez

WriteUp – Aragog (HackTheBox)

writeups · 3 min

WriteUp – Aragog (HackTheBox)

Aragog write-up (HackTheBox): initial scan, XXE exploitation to read SSH keys, user access, WordPress modification to steal admin credentials and escalate to root. Intermediate level with a focus on XXE and creative post-exploitation.

· Pablo Plaza Martínez