HackTheBox: Helix
This writeup is locked
It stays hidden until the box retires. Enter the password to read it.
Wrong password, try again.
Related writeups
HackTheBox: Postman
An Easy Linux box: an unauthenticated Redis 4.x instance writes an SSH key into the redis user's authorized_keys for a foothold, an encrypted /opt/id_rsa.bak cracks to computer2008 to reach Matt via su, and Webmin 1.910 falls to CVE-2019-12840 command injection (running as root) for a root shell.
Read
HackTheBox: Trick
An Easy Linux box: a DNS zone transfer leaks a preprod payroll vhost, a boolean SQL injection with the MySQL FILE privilege reads the nginx config to expose a second vhost, then a str_replace LFI bypass combined with SMTP mail-spool poisoning lands RCE as michael — and a writable fail2ban action plus a passwordless sudo restart escalates to root.
ReadHTB Fortress: Akerva
An 8-flag HTB Fortress, leaking a backup script over SNMP, bypassing auth with HTTP verb tampering, abusing a Flask LFI to forge the Werkzeug debugger PIN for RCE, then PwnKit to root and a Vigenère-encrypted final flag.
Read