Enumeration

I am using my own bash script to do a more efficient nmap scan. Here's the simple bash script:

#!/bin/bash
if [ $# -eq 0 ]; then
    echo "Usage: $0 <target_ip> <output_file>"
else
    ports=$(nmap -T4 --min-rate=1000 -p- $1 | grep -e ^[0-9] | cut -d "/" -f 1 | tr '\n' ',' | sed 's/,$//')
    nmap -sC -sV -p $ports -vvv … Continue reading hackthebox – Shocker
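The two-stage idea in that script (one fast sweep of all 65535 ports, then -sC -sV only on the hits) is the part worth keeping, but the excerpt's one-liner has a few rough edges a reader should know about: the argument check only catches `$# -eq 0`, so a missing output file is not reported; `$1` is unquoted; and `grep -e ^[0-9]` keeps every port line nmap prints, including closed or filtered ones, which then get fed to the second scan. The script below is an added example written for this page, not the author's script. It moves the port extraction into a function that runs offline over a constructed nmap output sample; the target address, port numbers and file names in it are made up for the demo.

```shell
#!/bin/sh
# Added example (not the blog's script): the same two-stage nmap workflow,
# with the port extraction split into a function that can be tested offline.
# SAMPLE_NMAP_OUTPUT is constructed for the demo, not captured from a host.

# Constructed stand-in for the stdout of `nmap -T4 --min-rate=1000 -p- <target>`.
SAMPLE_NMAP_OUTPUT='Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 10.10.10.56
Host is up (0.020s latency).
Not shown: 65532 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
2222/tcp open     EtherNetIP-1
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 12.34 seconds'

# Read normal nmap output on stdin and print the OPEN ports as "80,2222".
# Unlike `grep ^[0-9]`, this keeps only lines whose state is "open", so
# filtered or closed ports that nmap chose to print are not re-scanned.
open_ports() {
    awk '/^[0-9]+\/(tcp|udp)[[:space:]]+open/ { split($1, p, "/"); print p[1] }' \
        | sort -n -u | tr '\n' ',' | sed 's/,$//'
}

# Build the stage-two command line (printed, not executed) from a target,
# a port list and an output file name. Every argument is quoted.
targeted_scan_cmd() {
    printf 'nmap -sC -sV -vvv -p %s -oN %s %s\n' "$2" "$3" "$1"
}

# The full workflow against a live host. Takes exactly two arguments and
# refuses to start stage two with an empty port list (nmap -p "" errors out).
# Not called in the demo so that the script stays offline.
scan_host() {
    if [ $# -ne 2 ]; then
        echo "Usage: scan_host <target_ip> <output_file>" >&2
        return 2
    fi
    ports=$(nmap -T4 --min-rate=1000 -p- "$1" | open_ports)
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $1" >&2
        return 1
    fi
    nmap -sC -sV -vvv -p "$ports" -oN "$2" "$1"
}

# Demo on the constructed sample: prints the stage-two command that would run.
demo_ports=$(printf '%s\n' "$SAMPLE_NMAP_OUTPUT" | open_ports)
targeted_scan_cmd 10.10.10.56 "$demo_ports" shocker.nmap
```

On a real target, `scan_host 10.10.10.56 shocker.nmap` (address assumed) does the whole thing; `open_ports` on its own is handy for turning any saved `-oN` file into a `-p` list.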
Category: hackthebox
hackthebox – Bank
nmap

nmap -sS -sV -p- -oN bank.txt 10.10.10.29

The result is as follows:

Nmap scan report for 10.10.10.29
Host is up (0.0049s latency).
Not shown: 65532 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp open  domain  ISC BIND 9.9.5-3ubuntu0.14 (Ubuntu Linux)
80/tcp open  http    Apache httpd … Continue reading hackthebox – Bank
hackthebox – Buff
Nmap scan

nmap -A -Pn -oN nmap.txt 10.10.10.198

TCP 8080 is found.

Gym management software

This is the main page of the gym management web application. The contact page shows that it is Gym Management Software 1.0.

Gym Management Software vulnerability

Searching the web, there is a known vulnerability in Gym Management Software version 1.0 … Continue reading hackthebox – Buff
[hackthebox]Bastard
NMAP

nmap -sC -sV -oN bastard.nmap -vvv 10.10.10.9

Drupal

I was using nikto -host 10.10.10.9 and found that there is a robots.txt. There are other text files as well, but the robots.txt may give good information about the web directories.

changelog.txt

By reading robots.txt I found that there is a changelog.txt; this changelog.txt would give … Continue reading [hackthebox]Bastard
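robots.txt is a list of hints, not an access control: every Disallow line names a path the site owner would rather crawlers not index, and on a Drupal install that list routinely includes text files such as CHANGELOG.txt whose first header line states the exact release. As an added example written for this page (not code from the post), the shell functions below pull the Disallow paths out of a constructed robots.txt, keep the ones that look like readable text files, and extract the newest release number from a constructed CHANGELOG.txt laid out the way Drupal's is. The file contents, paths and version number are made up for the demo.

```shell
#!/bin/sh
# Added example (not the blog post's code): turning robots.txt hints into a
# short list of files to read, then pulling the release number out of a
# Drupal-style CHANGELOG.txt. Both inputs below are constructed for the demo.

# Constructed robots.txt in the shape a Drupal site serves (demo paths).
ROBOTS_TXT='#
# robots.txt
#
User-agent: *
Crawl-delay: 10
# Directories
Disallow: /includes/
Disallow: /misc/
Disallow: /modules/
# Files
Disallow: /CHANGELOG.txt
Disallow: /INSTALL.txt
# Paths (clean URLs)
Disallow: /admin/
Disallow: /user/login/
# An empty Disallow means "allow everything" and carries no hint
Disallow:'

# Constructed CHANGELOG.txt in the Drupal layout: newest release first, each
# release introduced by a "Drupal <version>, <date>" line. Version is made up.
CHANGELOG_TXT='
Drupal 7.50, 2016-07-07
-----------------------
- Fixed a regression introduced in the previous release.

Drupal 7.44, 2016-06-15
-----------------------
- Fixed several security issues.
'

# Print every non-empty Disallow path from a robots.txt on stdin, one per
# line. The directive name is matched case-insensitively; CRLF endings and
# a missing space after the colon are tolerated.
disallowed_paths() {
    awk -F': *' '
        { sub(/\r$/, "") }
        tolower($1) == "disallow" && $2 != "" { sub(/[[:space:]]+$/, "", $2); print $2 }
    '
}

# Keep only the Disallow entries that look like plain text files; these are
# the ones worth fetching first because they often carry a version string.
textfile_hints() {
    disallowed_paths | grep -i '\.txt$'
}

# Print the newest release number from a Drupal-style CHANGELOG.txt on stdin
# (the first "Drupal X.Y[.Z], <date>" header), or nothing if none is found.
changelog_version() {
    awk '/^Drupal [0-9]+\.[0-9]+(\.[0-9]+)?,/ { sub(/,$/, "", $2); print $2; exit }'
}

# Demo on the constructed inputs.
printf '%s\n' "$ROBOTS_TXT" | textfile_hints
printf '%s\n' "$CHANGELOG_TXT" | changelog_version
```

Against the live box the same functions take curl output, e.g. `curl -s http://10.10.10.9/robots.txt | textfile_hints` and then `curl -s http://10.10.10.9/CHANGELOG.txt | changelog_version`; the version that comes back is what you search for next.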
[hackthebox]Blunder
This is a Linux machine that is rated easy; in fact it is only easy once I had the correct parameters to exploit the CVEs.

NMAP

This machine, unlike other Linux HTB machines, does not have ssh; it only has the http service open.

nmap -sV -sC -vvv -oN blunder 10.10.10.191

Looking at the web … Continue reading [hackthebox]Blunder
[hackthebox]Jeeves
Introduction

Jeeves is a machine that is rated easy. It is hacked by exploiting unauthenticated use of the Jeeves dashboard: a Java reverse shell is executed from Jeeves' script console (where Groovy scripts can be run for troubleshooting) and the reverse connection comes back to my netcat listener. Once the reverse connection is … Continue reading [hackthebox]Jeeves
[hackthebox]Cache
Introduction

This is an interesting machine. It is rated medium difficulty and involves a few techniques such as SQL injection, memcache enumeration and docker privilege escalation. I learned memcache and docker privesc from this machine and deepened my familiarity with sqlmap; sqlmap in my opinion is the most difficult technique as there are … Continue reading [hackthebox]Cache
[hackthebox]Silo
Introduction

I attempted this retired machine without reading the HTB guides. I went through a lot of rabbit holes and eventually found that the Oracle TNS port 1521 is the entry point. On testing the Silo machine I found that it is susceptible to TNS poisoning; searching the web I found this invaluable article … Continue reading [hackthebox]Silo
[hackthebox]Heist
Enumeration

This section describes the reconnaissance techniques used to find a foothold; the purpose is to understand the machine before launching attacks.

nmap enumeration

nmap -A -p- -oN heist -vvv 10.10.10.149

The machine is listening on these services:

tcp/135 - RPC, possible to enumerate with rpcclient.
tcp/445 - SMB, check whether the SMB is … Continue reading [hackthebox]Heist
[hackthebox]Admirer
This machine is rated as easy, but in actual fact it should be medium from the perspective of my skill level; nonetheless I have learned some useful things from this hack.

nmap enumeration

nmap -A -T4 -p- -oN admirer -vvv -Pn 10.10.10.187

The results present three ports:

Web fuzzing

I ran gobuster to … Continue reading [hackthebox]Admirer