Finally! The box with the print-nightmare vulnerability came on HackTheBox. Nowadays there are security patches available for this but in the beginning, it was a zero-day and also a POC available for the public. I’m going to showcase two possible ways, first a Remote Code Exection done via my local machine CVE-2021-1675 (RCE) and then a Local Privledge Escalation CVE-2021-1675 (LPE) done after getting the exploit to the box.…

Recon First of all let’s see what Hack The Box stated in their announcement on Twitter. Well not that many clues there. It’s a Windows machine and it’s supposed to be easy. Let’s see what other hackers reported about this box. Ok seems to be kind of real life with some CVE that can be used and also some elements of custom exploitation. Let’s start this up and get ourselves machine to attack.…

Recon First of all let’s see what information we can gather about this from the releas announcement on Twitter. Well, prettymuch nothing. Sometimes there’s a hint in the description but at least I can’t figure it out. Let’s start the machine and see what we get. So now we have an ip address for out target. Before I start to hammer it with evilness let’s take alook at the rating matrix.…

Recon Hack The Box arranged the Business CTF 2022 and Debugger Unchained is a web challenge that was ranked easy. The Business CTF is a special event for corporate teams so easy ranked stuff here does not really mean it’s for beginners. This is the info we got: Our SOC team has discovered a new strain of malware in one of the workstations. They extracted what looked like a C2 profile from the infected machine's memory and exported a network capture of the C2 traffic for further analysis.…