Blocky writeup!

Here is another one of my writeups! This time Blocky: HackTheBox - Blocky writeup
I will have to play around with jad, I just unzipped the jar files, not nearly as clean. I have seen gobuster a lot lately, any benefits to use that instead of dirbuster or wfuzz?

nice write-up …
But you can escalate privilege using www-data shell also …
I have done both ways successfully.

Gl0b0 - any directory bruteforcer that works for you is fine. Personally I never used wfuzz, and dirbuster has silly error pop-up messages which get annoying after some time. Dirb can be used as an alternative, but I like gobuster more because it provides threading support. Hope that helps!

Thanks for bringing that to my attention Agent22 - I will take a look into it. Once I find how (dunno when) I’ll add it in!

I used CVE-2017-6074, which isn’t really stable. I show a few other rabbit holes in my video, such as getting a shell through FTP, which would have worked if SSH was set to only allow cert-based logins.

Thanks @ippsec , your video was awesome! Learnt a thing or two as always.

Nice writeups guys. I’d definitely recommend jd-gui for decompiling the jar. No need to extract any classes or anything when using it. Also @ippsec got it, (4.4.0 kernel doublefree) will work most of the time from what I have heard as a backup esc method. Some people mentioned having to modify it to grab the flag automatically, as it does make the machine very unstable.

@Agent22 How did you do that?
Uploaded the shell via Wordpress and then used the Creds or any Exploit?

@jinxbox check out the second half of ippsec’s video