HackerWorkspaceHTB: AirTouch
https://0xdf.gitlab.io/2026/04/18/htb-airtouch.html
Read on HackerWorkspace: https://hackerworkspace.com/article/htb-airtouch
HTB: AirTouch
AirTouch simulates a wireless network environment. I’ll start by pulling a default password from SNMP to SSH as a consultant user inside a container with virtual wireless interfaces. From there, I’ll capture and crack a WPA2-PSK handshake to join the tablet network, then decrypt the captured traffic in WireShark to recover session cookies for a router management site. A client-side role cookie gates an admin upload feature, where I’ll bypass the PHP extension filter with a phtml file to get RCE. Hardcoded credentials in the source give me the next user, and sudo gets me root, where I find the CA and server certs for the corporate wireless network. I’ll use those with eaphammer to stand up an evil twin of AirTouch-Office and capture a PEAP-MSCHAPv2 challenge, which cracks to reveal a user’s password. That gets me onto the corporate network, where a hostapd eap_user file leaks an admin password, and sudo gets me to root.
CyberCraft
Collectors Realm 3 - Vintage gay porn, Jack Drago, and Bob's Guys [Unofficial]
Habr
scorn
hubertf
