There is no excerpt because this is a protected post.
Author: cyruslab
[hackthebox]Silo
Introduction I attempted this retired machine without reading the htb guides, I went through a lot of rabbit holes and eventually found that the oracle tns port 1521 is the entry point. On testing the silo machine I found that it is susceptible to tns poisoning, searching on the web I found this invaluable article … Continue reading [hackthebox]Silo
[hackthebox]Heist
Enumeration This section describes the reconnaissance techniques used to find foothold to start, the purpose is to understand the machine before issuing attacks. nmap enumeration nmap -A -p- -oN heist -vvv 10.10.10.149 The machine is listening to these services: tcp/135 - rpc, possible to enumerate with rpcclient. tcp/445 - SMB, check whether the smb is … Continue reading [hackthebox]Heist
Protected: [hackthebox]Admirer
There is no excerpt because this is a protected post.
[hackthebox] Optimum
This is a relative easy machine, as seen from the matrix the attacks are more related to CVE. nmap enumeration nmap -A -p- -T4 -oN optimum -vvv 10.10.10.8 Http File Server 2.3 As shown in the web browser, the web service is hosted by http file server which is a program for windows to server … Continue reading [hackthebox] Optimum
[hackthebox]Devel
nmap enumeration nmap -A -p- -T4 -vvv -oN devel 10.10.10.5 FTP upload test From nmap result it says ftp allows anonymous login. Now I test whether I can upload files. I can also do directory and file listing. Test if the files in FTP reflects the page in the web. The iistart.htm is also available. … Continue reading [hackthebox]Devel
[hackthebox]Nest
Introduction Nest has a lot of twist, it is like playing a RPG game which I need to gather materials to forge the ultimate weapon for the final boss. I have gain knowledge on operating within a smb share environment, at first I did things stupidly but then I realize I should use recurse on … Continue reading [hackthebox]Nest
Protected: [hackthebox]Cascade
There is no excerpt because this is a protected post.
[hackthebox]misDIRection
misDIRection is a miscellaneous challenge in hackthebox, the zipped file contains a hidden folder with many subdirectories, and not every subdirectories have a file, the filenames are all unique numbers and a total of 36 of them, there are no contents within the files. This is a clueless challenge to be honest..., I depended on … Continue reading [hackthebox]misDIRection
[hackthebox]Blackhole
Blackhole is a miscellaneous challenge in hackthebox which requires me to download a file and to find the flag within the file, this post document the process of finding the flag but the flag will not be revealed in this post. 1. Unzip the package It is a nested zipped package. At first glance it … Continue reading [hackthebox]Blackhole
