HTB

Synopsis Cypher is a Medium Linux machine from HackTheBox that features a Cypher injection vulnerability in its web application login form, which allows for initial access via a reverse shell, lateral movement using credentials discovered in bash history, and privilege escalation by exploiting a sudo misconfiguration for the bbot binary to load a malicious custom module. ...

Sypnosis Scepter is a Hard Windows machine from HackTheBox featuring an exposed NFS share that contains user certificate files, which after being cracked, allow for initial access and a series of chained Active Directory Certificate Services (ADCS) abuses (ESC9 and ESC14) to pivot through multiple user accounts, ultimately gaining DCSync rights for full domain compromise. ...