Certified
Certified is a medium difficulty Windows box that focuses on abusing Active Directory Discretionary Access Control Lists (AD DACL) and misconfigured certificate enrollment templates.
Certified is a medium difficulty Windows box that focuses on abusing Active Directory Discretionary Access Control Lists (AD DACL) and misconfigured certificate enrollment templates.
SteamCloud is an easy rated Linux box that is running a Kubernetes cluster. While relatively simple, I have no experience with Kubernetes so this was all new for me. This box includes exposed API ports, Kubernetes pod RCE, and creation of an attack pod for privilege escalation.
TwoMillion is an easy rated Linux box that was made to celebrate 2 million users on hackthebox. The box includes API enumeration and abuse, along with a vulnerability for the Linux kernel’s OverlayFS subsystem that allows an unprivileged user to escalate their privileges to root.
The WriteFreely server was relatively easy to set up and only took 2 hours until it was fully functional. I decided on WriteFreely because I wanted something very simple, lightweight, and that also supported markdown for posting write-ups for Hack the Box content.