Why lambda htb writeup. HackTheBox challenge write-up.

Why lambda htb writeup. A note up front. In this writeup, I’ll walk you through all the cloud challenges from HTB Business CTF 2025. 10. At the Beginning the machine provides us with some credentials admin/0D5oT70Fq13EvB5r with no other details. So let’s get into it!! Dive into detailed write-ups on Hack The Box machines, AI in security, AWS pentesting, red teaming strategies, web app and WiFi hacking, network penetration testing, and more. txt Organization Port Scanning (using nmap) TCP Port Scan UDP Port Scan Service Enumeration Enumerating Apache HTTPD (80 TCP) Capture hidden flag in HackTheBox (HTB) Type Expetions with our software engineer's walkthrough. LazyHackers. Welcome to this WriteUp of the HackTheBox machine “Mailing”. It was a fun experience competing alongside our colleagues, as it also gave us the chance to collaborate across borders between the Indonesia and Singapore branches. htb, For this reason, we have asked the HTB admins and they have given us a pleasant surprise: in the future, they are going to add the ability for users to submit writeups directly to HTB which can automatically be unlocked after Explore comprehensive HackTheBox lab walkthroughs and write-ups for seasonal challenges. The app has a bot and its password is ungettable afaik. Practice your ethical hacking skills with HTB challenge flag format. This is a walkthrough of the Why Lambda Hack The Box challenge. Upon opening the page you see that the index has nothing more than a bunch of images and text In this box, I’ll start by finding an exposed git repo on the webserver, and use that to find source code for the site, including the AWS keys. Recon & identifying the service After we spawned the container for this challenge we got an IP Writeups for Hack The Box machines/challenges. Hello, my digital adventurers! Today, I will be sharing my write-up for the HackTheBox Sherlock challenge, “Origins”. 
More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects. Contribute to d3nkers/htb-writeup development by creating an account on GitHub. htb). A short summary of how I proceeded to root the machine: leaking the hMailServer configuration file obtained the password hash from HTB 2021 Uni CTF Quals - Epsilon writeup Tue, Nov 23, 2021 Medium Cloud TLDR Port 80 exposed a git repository Downloading it revealed the AWS credentials and the use of lambda functions The lambda function contains code with a JWT secret You can forge the authentication cookie with the JWT secret to login into the port 5000 website There is a Server Writeup for the Dashboarded challenge from HTB's Business CTF 2025. htb) and 6791 (report. 60 -F means A template for my Hack The Box CTF writeups using pandoc and the pandoc latex template. Contribute to babbadeckl/HackTheBox-Writeups development by creating an account on GitHub. Hi, in this writeup I will write about how I solve Behind the Scenes challenge on hackthebox academy reverse engineering category. Whether you're an ethical hacker, infosec enthusiast, or pentester, you'll find practical guides, tools, and insights to level up your skills. It was a very nice box and I enjoyed it. When I solved it there were a few challenges rated harder than this one, but as of writing this is the highest difficulty. HTB Business CTF 2021 - Theta writeup 27 Jul 2021 Theta was a challenge at the HTB Business CTF 2021 from the ‘Cloud’ category. Write-Ups, Tools and Scripts for Hack The Box. Follow Archive Bug Bounty Write-up Submissions IW Ambassadors Weekly News Letter For the Pass-the-Certificate attack, we can leverage either certipy-ad, as discussed in the Mist writeup, or delve into the PKINITtoolskit below. in is your go-to blog for everything cybersecurity. In this box, I’ll start by finding an exposed git repo on the webserver, and use that to find source code for the site, We love Hack the Box (htb), Discord and Community - So why not bring it together! 
This very simple Discord JS bot handles /htb commands that makes it easy to work on HTB machines and challenges on your Discord server! Writeup of the Why Lambda challenge from Hackthebox - Releases · Waz3d/HTB-WhyLambda-Writeup HTB: Stacked hackthebox ctf htb-stacked nmap localstack feroxbuster wfuzz vhosts docker docker-compose xss burp burp-repeater xss-referer aws awslocal aws-lambda cve-2021-32090 command-injection pspy Writeup of the Why Lambda challenge from Hackthebox - Activity · Waz3d/HTB-WhyLambda-Writeup Topic Replies Views Activity; About the Challenges category. 11. Writeup of the Why Lambda challenge from Hackthebox - Milestones - Waz3d/HTB-WhyLambda-Writeup Notes and reports from HTB boxes. Let’s go! Today we tackle a medium difficulty HTB machine in the guided mode. Writeup of the Why Lambda challenge from Hackthebox - Waz3d/HTB-WhyLambda-Writeup Epsilon originally released in the 2021 HTB University CTF, but later released on HTB for others to play. The first try, I only focused on the Lambda services. A path hijacking Then we will get access to lambda functions that contain the information we need to create a valid JWT to log in the website. This leads to credential reuse, granting access to other internal systems. xlsx file containing user information such as Hack The Box - HTB Artificial Writeup - Easy - Season 8 Weekly - June 21st, 2025 In a dance of code and chaos, a mindful exploration unwraps hidden paths—from the first nmap whispers to the deserialization of a misdirected TensorFlow model—revealing the inherent beauty and impermanence in every vulnerability, and the art of transforming weakness into root power. Dive into detailed write-ups on Hack The Box machines, AI in security, AWS pentesting, red teaming strategies, web app and WiFi hacking, network penetration testing, Learning Cloud with HTB Business CTF 2025 — A Complete (cloud) Writeup: Part 2 (END) In the cloud, misconfigurations rain breaches — but knowledge clears the skies. 
_msdcs. htb gc. Please do not post any spoilers or big hints. Learning is much better with friends, I would highly recommend finding people around the same skill level that also enjoy doing similar things. About HTB (HackTheBox) write-ups and solutions for various challenges and machines, including CTF challenges in AI, Blockchain, Crypto, Hardware, OSINT, and Web categories. Contribute to faisalfs10x/HTB-challenge-writeup development by creating an account on GitHub. Note: this post explains the whole method for solving the challenge, but it does not include the answer or the final payload. But, pay attention to the restrictions in backy. In this write-up, we will dive into the HackTheBox seasonal machine Editorial. In [HTB] Target machine study (2): TheFrizz. Overview: This is my second day of learning hackthebox. I am a beginner, and I will study target machine penetration from a beginner's point of view. Along the way I may insert the study and explanation of related new concepts that have little to do with the hands-on work. I try to be detailed and not skip steps, so there will also be places where my understanding is incorrect; corrections from experts are welcome. Information gathering nmap - sC - sV -F 10. Feel free to explore the writeup and learn from the techniques used to solve this HacktheBox machine. It is a Linux machine on which we will carry out a SSRF attack that will allow us to gain access to the system via SSH. If you're looking for friends to solve boxes with, our Discord Community is full of people at all skill levels. 2: 3270: November 1, 2021 Writeup of the Why Lambda challenge from Hackthebox - Pull requests · Waz3d/HTB-WhyLambda-Writeup Found: domaindnszones. So I looked into vue XSS examples and all showed just v Hack The Box - HTB Era Writeup - Medium - Season 8 Weekly - July 26th, 2025 A journey of stealth and insight, where each crafted command unveils hidden doors in the cyber realm, reminding us that mastery is HTB-WhyLambda-Writeup Let's begin by looking at what the web application let you do. Like with any CTF you would start with an nmap scan. Taking a closer look the site’s source code, the first thing that stood out to me was that the “complaints reporting” part was managed by a bot. This detailed walkthrough covers the key steps and methodologies Hack The Box “Planning” Walkthrough. The website redirected to titanic. 
hacking cybersecurity ctf-writeups pentesting ctf htb hackthebox hackthebox-writeups htb-writeups ctf-walkthroughs htb-walkthroughs hackthebox-walkthroughs Updated 3 weeks ago TypeScript Blurry is an interesting HTB machine where you will leverage the CVE 2024-24590 exploit to pop a reverse shell in order to escalate your privileges within the local system. sh We can’t just write the /root/ to task. py script, as is often the case in this HTB-WhyLambda-Writeup Let's begin by looking at what the web application let you do. So I looked into vue XSS examples and all showed just v-html as the equivalent of innerHTML. As of now, my main goal is to verticalize my skills on the Web Security sector, as part of my effort to maybe, one day, join TeamItaly. Pretty much every step is straightforward. Discover smart, unique perspectives on Htb Writeup and the topics that matter most to you like Htb, Htb Walkthrough, Hackthebox, Cybersecurity, Hacking So this is my write-up on one of the HackTheBox machines called Trick. It’s a Linux box and its ip is 10. It involved an unsecured AWS Lambda service that could be exploited in order to obtain code execution on the server the service was running on. Enhance your cybersecurity skills with detailed guides on HTB challenges Writeup of the Why Lambda challenge from Hackthebox - Waz3d/HTB-WhyLambda-Writeup Official discussion thread for Why Lambda. It was a fun Quick Summary Hey guys, today writeup retired and here’s my write-up about it. Upon opening the page you see that the index has nothing more than a bunch of images and text Official discussion thread for Why Lambda. htb. After scanning the target, I found that ports 22 (SSH) and 80 (Apache) were open. TL;DR This writeup is based on the Titanic machine, an easy-rated Linux box on Hack The Box. txt referenced nowhere so either LFI or RCE. htb ``` Adding these as well to our /etc/hosts echo '10. 
I competed with the ITSEC Asia team, and we ended up securing 16th place out of 795 companies. The initial enumeration step begins with an Nmap scan of the target IP address. More than 100 million people use GitHub to discover, fork, and contribute to over 420 million projects. 0: 1338: August 5, 2021 : Official Substandard Optimization Discussion. check all running services I found 3 services running on localstack which are Lambda, logs, and cloudwatch. HTB CTF HTB Quote Protected: HTB Writeup – Planning Axura·2025-05-11·4,009 Views This post is password protected. WhiteRabbit HTB Writeup | HacktheBox HTB: WhiteRabbit – Season 7 Walkthrough Summary WhiteRabbit was the final machine of Hack The Box Season 7, and it delivered a solid mix of enumeration, exploitation, and My personal writeup on HackTheBox machines and challenges - hackernese/HTB-Writeup AWS penetration testing: a step-by-step guide Christian Becker, Advanced Attack Simulation Specialist at Y-Sec, shares essential techniques and tools for AWS pentesting. Read writing from John Grese on Medium. [HackTheBox] Why Lambda write-up It has been a while since I last wrote a writeup. About Official Writeups for HackTheBox Business CTF 2025: Operation Blackout The point is that, if the written text corresponds to a number, then the Why Lambda is a Hack The Box challenge involving machine learning and XSS. TO GET THE COMPLETE IN-DEPTH PICTORIAL WRITEUP RIGHT NOW, SUBSCRIBE TO THE NEWSLETTER! CAP is an easy and a very interesting machine, especially if you visit HTB after a very long time. First, I enumerate the Lambda services using aws-cli to list all functions. Contribute to 1Birdo/HTB-writeup development by creating an account on GitHub. 
HTB-Mailing-Writeup-Walkthrough @EnisisTourist In this writeup, we delve into the Mailing box, the first Windows machine of Hack The Box’s Season 5. This scan showed us that there are 2 Explore the fundamentals of cybersecurity in the Epsilon Capture The Flag (CTF) challenge, a medium-level experience! This straightforward CTF writeup provides insights into key concepts with clarity and simplicity, making it accessible for players at this level. When bot -> XSS. HackTheBox challenge write-up. A short summary of how I proceeded to root the machine: through smb find a . solarlab. Description It looks like the AI hype has reached further than we thought. Dive into detailed write-ups on Hack The Box machines, AI in security, AWS pentesting, red teaming strategies, web app and WiFi hacking, network penetration testing, CTF HTB Quote HTB Writeup – Cypher Axura·2025-03-02·5,212 Views RECON Port Scan Read stories about Htb Writeup on Medium. htb Found: forestdnszones. Contribute to Kyuu-Ji/htb-write-up development by creating an account on GitHub. Hack The Box - HTB Sorcery Writeup - Insane - Season 8 Weekly - June 14th, 2025 Between the cryptic echoes of open ports and encrypted streams lies a digital zen—a meditative revelation in each scan, urging us to see the hidden poetry of the cyber realm. - d0n601/HTB_Writeup-Template This writeup includes a detailed walkthrough of the machine, including the steps to exploit it and gain root access. analysis. Next up we are going to exploit a Server Side Template Injection in order to get command execution. htb Writeup of the Why Lambda challenge from Hackthebox - Issues · Waz3d/HTB-WhyLambda-Writeup In here I post the writeups of my favourites CTF challenges that I manage to solve. The challenge as a whole is divided into two main parts: a frontend and a backend, but only the first is exposed to external traffic In the frontend we have a site which lets us write by hand some text on top of a canvas. Finally, we get /root. 
WRITEUP COMING SOON! COMPLETE IN-DEPTH PICTORIAL WRITEUP OF THEFRIZZ ON HACKTHEBOX WILL BE POSTED POST-RETIREMENT OF THE MACHINE ACCORDING TO HTB GUIDELINES. txt using the same way. Don’t try and over complicate things like I did, it took me a whole day when really it should have been an hour or 2. A step-by-step write-up on how to approach this boot2root challenge, recon, research vulnerabilities, exploit and perform post-exploitation of a Linux server running a vulnerable CMS web application (SPIP 4). 250 internal. App has backend in flask and front in vue. json, and it's better that we go to matrin’s directory Before you start reading this write up, I’ll just say one thing. Let’s jump right in ! GitHub is where people build software. SolarLab is a medium-difficulty machine on HackTheBox that begins with anonymous access to SMB shares, revealing sensitive data due to weak password policies. One of these systems is susceptible to a Server-Side Template Injection (SSTI) attack, facilitating further movement In this latest article, I am sharing a very detailed and comprehensive walkthrough of HTB Business CTF 2024 's Fullpwn challenge " Submerged ". Introduction After a long while since I participated in a CTF, I had the pleasure to participate in HTB Business CTF 2024 these past few days. A guide to completing the Titanic HackTheBox machine. Please find the secret inside the Labyrinth: Password: First off, I put the IP address in the ‘etc/hosts’ file along with the domain names for ports 80 (solarlab. This walkthrough is now live on my website, where I Introduction screen for “Writeup” Machine About Writeup Writeup is an easy difficulty Linux box with DoS protection in place to prevent brute forcing. Certified HTB Writeup | HacktheBox Achieved a full compromise of the Certified machine, demonstrating the power of leveraging misconfigurations and services in AD environments. GitHub is where people build software. This is my writeup for the challenge. 
Write-Ups for HackTheBox. The user is found to be in a non-default group, which has write access to part of the PATH. I went solo htb cpts writeup HTB Certified Penetration Testing Specialist (HTB CPTS) Unlock exam success with our Exam Writeup Package! This all-in-one solution includes a ready-to-use report template, step-by-step findings explanation, and crucial screenshots for crystal-clear analysis. It’s a mode that should help us solve the machine with some greater. Time for another writeup on this totally well maintained blog 👀. A CMS susceptible to a SQL injection vulnerability is found, which is leveraged to gain user credentials. This challenge involved exploiting a SSRF vulnerability in an AWS app and some simple post-exploitation techniques. Let's get those hostnames added to our /etc/hosts file. The best channels for this are under the "HTB: Platform" section, where there are specific places to talk about each type of challenge Welcome to this WriteUp of the HackTheBox machine “SolarLab”. Kyle Walters included in Draft 2025-02-19 About 4000 words 19 minutes Contents Introduction Before we begin Preflight Checklist Advice and Other Thoughts Steps to user. Those keys get access to lambda functions which contain a secret that is Why Lambda is a Hack The Box challenge involving machine learning and XSS. 138, I added it to /etc/hosts as writeup. Both tools serve similar purposes in achieving certificate-based attacks. Because of this goal of mine, I will not share writeups of challenges which I solved together with the team of srdnlen, as those are always a result of great group effort HTB - Why Lambda - web - hard 29 May 2024 The challenge has flag. htb respectively. . htb and report. This box uses ClearML, an open-source machine learning platform that allows its users to streamline the machine learning Write-ups of challenges solved in HTB University CTF 2021 (Quals) as a part of team JH4CK. Now, let’s dig deeper. 
Insider was an exploit challenge during the 2022 Business CTF from HackTheBox named DirtyMoney. WRITEUP COMING SOON! COMPLETE IN-DEPTH PICTORIAL WRITEUP OF HAZE ON HACKTHEBOX WILL BE POSTED POST-RETIREMENT OF THE MACHINE ACCORDING TO HTB GUIDELINES. This box was rated very easy and is found under the starting point boxes in the lab section of HTB This box was very interesting it was the first box that I ever attempted that had cloud aspects In the output for tcp/80 and tcp/6791, we can see a redirect to solarlab. Nmap is a powerful network scanning tool that helps identify open ports and the services running on those ports. FYI, Lambda is a serverless compute service that can run code without managing the servers. This machine is quite easy if you just take a step back and do what you have previously practiced. Each solution comes with detailed explanations and This is a writeup for the medium difficulty retired Linux machine Epsilon, which features AWS hacking for Lambda functions. I enjoyed myself despite having only solved a handful of challenges. The challenge is rated as Hard, and is an example of chaining multiple vulnerabilities to hack a web application.
