Armageddon htb writeup. port nmap Jul 6, 2021 · In this blog post, I would like to explain my methodology that I used for pwning the Armageddon box. Hope you like it. eu, and part of TJNull’s recommended OSCP prep list. port nmap Apr 30, 2021 · Armageddon: HackTheBox Walkthrough Description Back after a long time with another HackTheBox machine walkthrough. Then, will have to crack a credential stored in the CMS database to become brucetherealadmin. Explore and tackle diverse cybersecurity challenges with Hack The Box's interactive platform designed for skill enhancement and professional growth. snap brucetherealadmin@armageddon. 021s latency). 57 where the patches the previous version will be found , i know drupal 7 is at its end of life because there was this rce that took almost Jul 24, 2021 · Armageddon-HTB Walkthrough by Shubham Pandey Armageddon machine from Hack The Box focuses on Drupal exploitation and has a fancy service to exploit for privilege escalation. I ususally try to… Conversor eval EXSLT hackthebox HTB libxslt linux Perl perl config perlcritic XSL XSLT XSLT extension elements XSLT injection 2 Previous Post HTB Writeup – Hercules Armageddon HTB Write-Up One of the first things I do whenever looking at a new machine is check out the website to see what's on it, so with Armageddon I did the same. And also, they merge in all of the writeups from this github page. This user is allowed to install Jul 23, 2021 · Armageddon is a CentOs easy machine from HackTheBox where you will have to exploit a famous vulnerable CMS. Details This machine is Armageddon from Hack the Box Recon kali@kali:~$ nmap -sV -p- 10. Skills Required: Basic web application testing XSLT injection knowledge Database enumeration Hash cracking Sudo 3 days ago · Hack The Box - Season 9 HTB Giveback Writeup - Easy - Weekly - November 1th, 2025 For this reason, we have asked the HTB admins and they have given us a pleasant surprise: in the future, they are going to add the ability for users to submit writeups directly to HTB which can automatically be unlocked after owning a machine. x Module Services – Remote Code Execution Armageddon HTB Write-Up Drupalgeddon2 – Yet Another Weapon for the Attacker Drupalgeddon & Sudo Snap Install - Armageddon @ HackTheBox Write-Ups for HackTheBox. Armageddon ethical-hacking HackTheBox HTB HTB Writeup By ingrata Contribute to bibo318/Writeup-HackTheBox development by creating an account on GitHub. 43. TL;DR (Spanish writeup) Creada por: bertolis. Alder About Armageddon In this post, I’m writing a write-up for the machine Armageddon from Hack The Box. It implies the drupalgeddon vulnerability and some permissive sudo permissions. From May 4, 2021 · It is not the monsters we should be afraid of; it is the people that don’t recognize the same monsters inside of themselves. io upvotes r/cybersecurity r/cybersecurity This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc. 1. Aug 7, 2021 · Armageddon was a quick little box that was a nice intro for beginners. Resumen: Enumeración de puertos y servicios vía Nmap Revisión y navegación por el activo web Jul 11, 2021 · $ scp myflagnow_1. Por tanto retomamos la sección y aquí vamos con el write-up de Armageddon. txt 10. This digital parable New HTB writeup, this time demonstrating how one could take over a machine without ever executing code on that machine. We start by exploiting a vulnerability in Drupal to get a foothold with a low level user. CVE-2012-1823 CVE-2024-5932 Giveback GiveWp hackthebox HTB K8S K8s Enumeration K8s Secret Kubernetes pod Legacy CGI linux namespace PHP Deserialization PHP Object Injection PHP-CGI wodpress plugin wordpress WPProbe writeup 1 Previous Post HTB Writeup – Conversor Axura #define LABYRINTH (void *)alloc_page (GFP_ATOMIC) Jul 24, 2021 · HackTheBox: (“Armageddon”) — Walkthrough Hi People :D Today we gonna solve “Armageddon” machine from HackTheBox, an easy machine that focuses on Drupal exploitation and snap privilege … Jul 24, 2021 · Introduction Armageddon is a Easy difficulty Linux box based on a Drupal application vulnerable to Drupalgeddon2 (CVE-2018-7600), which allows to get a low privileged shell as the apache user. Shannon L. Next, I used gobuster for directory enumeration: That revealed the following ones: Jul 26, 2021 · Armageddon es una máquina de nivel fácil de HackTheBox. Cracking Armageddon HTB Write-Up One of the first things I do whenever looking at a new machine is check out the website to see what's on it, so with Armageddon I did the same. Pilgrimage - HTB Writeup May 20, 2025 Busqueda - HTB Writeup Jul 26, 2023 OpenSource - HTB Writeup Jun 26, 2022 Armageddon - HTB Writeup Jul 11, 2021 Schooled - HTB Writeup Jun 30, 2021 Horizontal HTB Writeup Bounty Hunter HTB Writeup Explore HTB Writeup Seal HTB Writeup Sink HTB Writeup Schooled HTB Writeup The Notebook HTB Writeup Contribute to bibo318/Writeup-HackTheBox development by creating an account on GitHub. 8KB/s 00:00 From here we just need to install the package and the flag should be delivered to us on a silver platter! May 4, 2016 · 43. Each writeup details the methodology used, tools applied, and personal reflections on the lessons learned. Apr 9, 2025 · i’d normally do more research and see advisories of 7. snap 100% 4096 28. 2. Learn cybersecurity tactics, tools, and methodologies used in penetration testing and ethical hacking. Jul 24, 2021 · Hack the Box Armageddon walkthrough: Drupalgeddon2 exploit, MySQL enumeration, credential reuse, and snap privilege escalation. Through MD5's ancient weakness and a backup tool crowned with sudo's blind faith, we witness the cascade from web interpreter to root throne. Not shown: 65533 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7. Armageddon. Let's begin with initial scan to find initial foothold attack vector for this machine. Recon 43. Jul 26, 2021 · This is a writeup about a retired HacktheBox machine: Armageddon publish on Mars 27, 2021 by Bertolis. May 4, 2016 · Armageddon — HackTheBox Writeup 0. We then do some basic enumeration to… Hackthebox weekly boxes writeups. I hope this would add some educational value for someone who is just starting up with penetration testing. Contribute to jahway603/Kyuu-Ji_htb-write-up development by creating an account on GitHub. htb to the /etc/hosts After that is done we can see that we have the possibility for LFI. Machine Info 43. I decided to transfer it here. Jugaremos con CVE s, romperemos Drupal7 para ejecutar comandos, las malas configuraciones se revelarán y finalmente nos aprovechamos de nuestros permisos para ejecutar un paquete snap malicioso y obtener el privesc. 0_all. Jul 25, 2021 · Writeup — HackTheBox — “Armageddon” Armageddon máquina retirada con sistema operativo Linux y clasificada como fácil; método para resolver esta máquina explotar los errores de … Getting TGT using secretdump for usernames got from smb dirs and using rpcclient to chnage the user password , got a zip file that was a memory dump and getting NTLM hash of user lsass mimikatz ad then admin is around dumping the ntds. . Apr 21, 2021 · Conclusion: Thank you for reading the write up. Feb 2, 2025 · Tony3 IT業従事者。2018年10月末よりシンガポール在住。 Center of Cybersecurity Knowledge Oct 28, 2024 · armageddon. Simply great! Jul 24, 2021 · Armageddon is a Linux based machine that was active since March 27th of 2021 to July 24th, on this machine we will exploit the well known Drupalgeddon vulnerability, crack the hash of the admin user of Drupal, and generate a malicious snap package that runs code when it’s installed so we can access as root. 6 (CentOS) service on port 80. Search Sign up Sign in Code : HTB | Write-up Xiaohai Wang 4 min read Apr 1, 2025 Jul 27, 2025 · Hack The Box - HTB Era Writeup - Medium - Season 8 Weekly - July 26th, 2025 A journey of stealth and insight, where each crafted command unveils hidden doors in the cyber realm, reminding us that mastery is achieved when precision meets creativity and chaos transforms into order. ¡Bueno bueno, a darle pues! Hola ;) en esta máquina inicialmente nos encontraremos con una versión de Oct 10, 2010 · Write-Ups for HackTheBox. Contribute to x00tex/hackTheBox development by creating an account on GitHub. Finally, you will have to install a trojan snap package in order to trigger the snap install hook, obtaining a new account with root privileges. Overview Machine … Armageddon HTB Write-Up One of the first things I do whenever looking at a new machine is check out the website to see what's on it, so with Armageddon I did the same. Read more → Read writing from Abdellah Lamine on Medium. Hack The Box is an online platform to train your ethical hacking skills and penetration testing skills Armageddon is a ‘Medium’ rated box Jul 25, 2021 · HTB badge Machine IP: 10. 101. Contribute to zhsh9/HackTheBox-Writeup development by creating an account on GitHub. An easy box that used a Drupal exploit followed by Dirty Sock, an exploit of snap running as root. En esta maquina nos aprovechamos de una vulnerabilidad del gestor de contenidos Drupal. These writeups will explain my steps to completion, along with the tools and techniques that I used. 12 Network Mapper nmap -T4 -p- -A -v -oN . Aug 21, 2025 · HTB Writeups 28 Conversor [Easy] Oct 27, 2025 Hercules [Insane] Oct 23, 2025 Signed [Medium] Oct 6, 2025 DarkZero [Hard] Oct 6, 2025 Imagery [Medium] Oct 3, 2025 Expressway [Easy] Sep 20, 2025 Soulmate [Easy] Sep 11, 2025 Guardian [Hard] Sep 2, 2025 Previous [Medium] Aug 24, 2025 Lock [Easy] Aug 21, 2025 Environment [Medium] Aug 19, 2025 Document HTB_Armageddon-d0n601. 233 which output the following Nmap scan report Write-Ups for HackTheBox. I checked the site and found a giant chicken on the main page! I wasn't familiar By piratemoo Crypto 839: Intro to Notes C1-2 How do Alice/Bob communicate without Eve eavesdropping? Armageddon HTB Armageddon is rated as easy machine, however this machine can give you interesting attack vectors to try. ,Máquina Armageddon de Hack The Box - INFAYER. I checked the site and found a giant chicken on the main page! I wasn't familiar By piratemoo Crypto 839: Intro to Notes C1-2 How do Alice/Bob communicate without Eve eavesdropping? armageddon. First add megahosting. 129. Jul 26, 2021 · I just want to spend some time on HTB again. Feb 24, 2025 · Since it is retired, this means I can share a writeup for it. Archives 2025 20 May Pilgrimage - HTB Writeup 2023 26 Jul Busqueda - HTB Writeup 2022 26 Jun OpenSource - HTB Writeup 2021 11 Jul Armageddon - HTB Writeup 29 Jun Schooled - HTB Writeup Oct 10, 2010 · Write-Ups for HackTheBox. Happy Hunting. Let’s dive in to this walkthrough and see the… Armageddon is an easy difficulty machine. Armageddon 43. Jun 17, 2025 · Hack The Box - HTB Sorcery Writeup - Insane - Season 8 Weekly - June 14th, 2025 Between the cryptic echoes of open ports and encrypted streams lies a digital zen—a meditative revelation in each scan, urging us to see the hidden poetry of the cyber realm. Getting initial access to the machine was as simple as running a PoC exploit against a vulnerable Drupal version. Just add armageddon. Once on the box, the apache user was capable of running MySQL queries, from which you can find an easily crackable password hash of the brucetherealadmin user. md","contentType Jul 24, 2021 · Máquina Linux nivel fácil. 233 System IP: 10. An nmap scan against the target reveals port 22 open Oct 25, 2025 · HTB Conversor - Linux Easy Box Writeup Summary Conversor is an easy Linux box that involves exploiting an XSLT injection vulnerability to achieve code execution, followed by database enumeration for privilege escalation to user, and finally abusing sudo permissions for root access. 4. doing things Every day, Abdellah Lamine and thousands of other voices read, write, and share important stories on Medium. Local enumeration allowed to identify MySQL credentials inside a Drupal configuration file and get access to various databases from which it is possible to extract usernames and relative hash. md","path":"armageddon/write-up-armageddon. CTF simple quick writeup. This walkthrough is intended for educational purposes only. Feb 11, 2022 · In this Article, we’ll be attacking Armageddon— a retired machine on Hackthebox. Hackthebox Htb [brucetherealadmin@armageddon ~]$ sudo -l\n\nUser brucetherealadmin may run the following commands on armageddon:\n (root) NOPASSWD: /usr/bin/snap install *\n Armageddon HackTheBox WalkThrough - Ethicalhacs. And my chance it was very easy machine i got it. Oct 10, 2011 · Write-Ups for HackTheBox. github. Jul 24, 2021 · My writeup for the HacktheBox Armageddon machine. Siendo una máquina categorizada como ‘ easy ‘ no presentó mucha dificultad, sin embargo siempre se aprenden nuevas cosas en Hack The Box. io Let's start with gaining some information about the HTB Armageddon machine using nmap: This shows that an SSH service is running on port 22 and an Apache httpd 2. htb:~ brucetherealadmin@armageddon. Notes and reports from HTB boxes. From here you need to do some steps. org ) at 2021-03-28 20:28 BST Nmap scan report for 10. /Nmap. 192 Host is up (0. May 4, 2016 · Machines, Sherlocks, Challenges, Season III,IV. An exploitable Drupal website allows access to the remote host. 91 ( https://nmap. Contribute to 0xarun/Write-ups development by creating an account on GitHub. 16. 10. Contribute to Kyuu-Ji/htb-write-up development by creating an account on GitHub. 0. Recon. HTB Writeups 🛡️ This repository contains a collection of writeups for machines on the Hack The Box platform. If you get stuck somewhere please leave a comment and I will try to point you in the right direction. Recently Updated Schooled - HTB Writeup Armageddon - HTB Writeup OpenSource - HTB Writeup Busqueda - HTB Writeup Pilgrimage - HTB Writeup Repository of my CTF writeups. 2 documentation. gitlab. pdf, Subject Computer Science, from Autonomous University of Puebla, Length: 12 pages, Preview: Hack The Box ‑ Armageddon Ryan Kozak 2021‑06‑10 Hack The Box ‑ Armageddon 2021‑06‑10 Contents Introduction 3 Information Gathering Port Scan: nmapAutomator . htb>> mysql -u drupaluser -pCQHEy@9M*m23gBVj -e 'use drupal; select * from users' uid name pass mail theme signature signature_format created access login status timezone language picture init data Armageddon Write Up - thewhiteh4t thewhiteh4t. CVE-2018-7600 - Remote Armageddon HTB Write-Up Aug 20, 2025 · Hack The Box - HTB CodeTwo Writeup - Easy- Weekly - August 20th, 2025 In the realm where JavaScript breaks free from js2py's illusory cage, CodeTwo reveals how sandboxes built on trust become doorways to forbidden Python realms. md","contentType Jul 5, 2025 · Comprehensive hacking notes for OSCP, PNPT, and Hack The Box (HTB). HackTheBox: Armageddon | My Journey First of all, i started to scan the open port using nmap Jul 25, 2021 3 Armageddon es un desafío con una complejidad fácil que verifica tus habilidades para explotar los errores de configuración de usuarios, enumeración, explotación de Drupal y la escalada básica de privilegios. MembersOnline May 4, 2016 · 43. - HackTheBox/Armageddon/Readme. . 192 Starting Nmap 7. A step-by-step walkthrough of different machines "pwned" on the CTF-like platform, HackTheBox. Jul 11, 2021 · Armageddon - HTB Writeup Posted Jul 11, 2021 Updated May 20, 2025 By Trayson Combs 5 min read Jun 17, 2024 · Armageddon Writeup (HackTheBox) Disclaimer: This post was originally uploaded on 24/7/2021 on my github page. Contribute to AbdullahRizwan101/CTF-Writeups development by creating an account on GitHub. Contribute to bibo318/Writeup-HackTheBox development by creating an account on GitHub. Apr 21, 2021 · The website on port 80: The website on port 8080: After clicking on all the links on the port 80 website I found something interesting. 56 e Snapd - Exploit - HTB Armageddon Writeup Drupal 7. Lets get started Jul 24, 2021 · La verdad que la resolución de esta máquina fue bastante entretenida. dit file. Machine Info. This box is rated as an easy machine. 0) 80/tcp open http Apache Oct 10, 2010 · Write-Ups for HackTheBox. com Drupal 7. Oct 10, 2010 · Write-Ups for HackTheBox. Enumeration of the Drupal file structure reveals credentials that allows us to connect to the MySQL server, and eventually extract the hash that is reusable for a system user. htb>> mysql -u drupaluser -pCQHEy@9M*m23gBVj -e 'use drupal; show tables;' Tables_in_drupal actions authmap batch block block_custom block_node_type block_role blocked_ips cache cache_block cache_bootstrap cache_field cache_filter cache_form cache_image cache_menu cache_page cache_path comment date_format_locale date_format_type date I hope this write up helps you along the way if you are getting stuck. Using these credentials, we can connect to the remote machine over SSH. Write-Ups for HackTheBox. Jul 25, 2021 · Summary: HackTheBox’s Armageddon was a relatively easy box, so long as you didn’t fall down the rabbit hole. htb in you /etc/hosts file and start your … Dec 12, 2020 · Write-Ups for HackTheBox. htb's password: myflagnow_1. md at master · darth-web/HackTheBox Armageddon is an easy Linux box created by bertolis on Hack The Box and was released on the 27th of March 2021. Para la escalada de privilegios nos aprovechamos de un permiso de sudoers que nos permite ejecutar snap como superusuario, creamos un paquete de instalacion malicioso y conseguimos convertirnos en root. 4 (protocol 2. Contribute to d3nkers/htb-writeup development by creating an account on GitHub. The machines that I have chose See full list on 0xdf. Drupal é um CMS - Content Management System open source, ou seja, é um gerenciador de conteúdo construído em PHP. {"payload":{"allShortcutsEnabled":false,"fileTree":{"armageddon":{"items":[{"name":"write-up-armageddon. boh 5mfs65 xox 6sp aymzjx 36jkr emyd fnpal 2qe6 jd2