[HTB] Registry — Write-up

Welcome to the HTB Registry write-up! This was a hard-difficulty box and had many fun components to complete it. For the initial shell, I had to inspect the website certificate to identify its subdomain associated with the Docker instance. Then, by abusing the Docker registry, I obtained the first user’s SSH private key to gain shell access. Further enumeration identified bolt.db inside the box which contained password hash for admin user for…

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
bigb0ss

bigb0ss

OSWE | OSCE | OSCP | CREST | Lead Offensive Security Engineer — All about Penetration Test, Red Team, Cloud Security, Web Application Security