Tag: hackthebox
hackthebox – Shocker
Enumeration: I am using my own bash script to do a more efficient nmap scan. Here's the simple bash script:
    #!/bin/bash
    if [ $# -eq 0 ]; then
        echo "Usage: $0 <target_ip> <output_file>"
    else
        ports=$(nmap -T4 --min-rate=1000 -p- $1 | grep -e ^[0-9] | cut -d "/" -f 1 | tr '\n' ',' | sed 's/,$//')
        nmap -sC -sV -p $ports -vvv … Continue reading hackthebox – Shocker
hackthebox – Bank
nmap
    nmap -sS -sV -p- -oN bank.txt 10.10.10.29
The result is as follows:
    Nmap scan report for 10.10.10.29
    Host is up (0.0049s latency).
    Not shown: 65532 closed ports
    PORT   STATE SERVICE VERSION
    22/tcp open  ssh     OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
    53/tcp open  domain  ISC BIND 9.9.5-3ubuntu0.14 (Ubuntu Linux)
    80/tcp open  http    Apache httpd … Continue reading hackthebox – Bank
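The Shocker excerpt sketches a two-pass nmap workflow (fast scan of all ports, then scripts and version detection only on what was found), and the Bank excerpt shows the normal-format output such a script has to parse. The script below is an added example, not the blog's own script: it implements that workflow with the port extraction isolated in a function, and exercises the parser offline against a constructed sample modelled on the Bank output. The file names, the `scan_target` and `extract_ports` names and the `8080/tcp filtered` line are my assumptions.

```shell
#!/bin/sh
# Added example, not the blog's own script: two-pass nmap workflow
# (fast all-port scan, then -sC -sV on the open ports only), with the
# port-list extraction in its own function so it can be checked offline.

# extract_ports FILE... (or stdin): print the open TCP/UDP ports found in
# nmap's normal (-oN / terminal) output as a comma-separated list, e.g.
# "22,53,80". Only lines whose STATE column is exactly "open" are kept, so
# ports nmap reports as "filtered" or "closed" never reach the slow pass.
extract_ports() {
    awk '
        /^[0-9]+\/(tcp|udp)[[:space:]]+open[[:space:]]/ {
            split($1, f, "/")            # "22/tcp" -> f[1] = "22"
            printf "%s%s", sep, f[1]
            sep = ","
        }
        END { print "" }                 # terminate the list with a newline
    ' "$@"
}

# scan_target TARGET [OUTPUT_BASENAME]: run both passes, keeping each pass
# on disk with -oN so the port list is parsed from the output you keep.
scan_target() {
    target=$1
    outbase=${2:-scan}
    # Pass 1: every TCP port, quickly. --min-rate trades accuracy for speed
    # and is fine on a lab VPN; drop it on a lossy link.
    nmap -T4 --min-rate=1000 -p- -oN "${outbase}.allports" "$target" >/dev/null || return 1
    ports=$(extract_ports "${outbase}.allports")
    if [ -z "$ports" ]; then
        echo "no open TCP ports found on $target" >&2
        return 1
    fi
    echo "open ports: $ports" >&2
    # Pass 2: default scripts and version detection on those ports only.
    nmap -sC -sV -vvv -p "$ports" -oN "${outbase}.services" "$target"
}

# Constructed sample (assumption): the Bank excerpt's output with a filtered
# port added, so extract_ports can be exercised without running nmap.
SAMPLE_NMAP_OUTPUT='Nmap scan report for 10.10.10.29
Host is up (0.0049s latency).
Not shown: 65531 closed ports
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0)
53/tcp   open     domain     ISC BIND 9.9.5-3ubuntu0.14 (Ubuntu Linux)
80/tcp   open     http       Apache httpd
8080/tcp filtered http-proxy
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel'

# Usage: sh nmap2pass.sh TARGET_IP [OUTPUT_BASENAME]
# With no arguments the file only defines the functions (so it can be sourced).
if [ $# -ge 1 ]; then
    scan_target "$1" "${2:-}"
fi
```

The one behavioural difference from the blog's one-liner is the state check: `grep -e ^[0-9]` keeps every line that starts with a port number, so a host that shows some ports as `filtered` would have those passed to `-p` in the second scan as well. Matching on the STATE column avoids that, and the sample above is arranged so the filtered port is the case the parser has to drop.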
[hackthebox]Bastard
NMAP: nmap -sC -sV -oN bastard.nmap -vvv 10.10.10.9
Drupal: I used nikto -host 10.10.10.9 and found that there is a robots.txt; there are other text files as well, but robots.txt may give good information about the web directories.
changelog.txt: By reading robots.txt I found that there is a changelog.txt; this changelog.txt would give … Continue reading [hackthebox]Bastard
[hackthebox]Blunder
This is a Linux machine that is rated easy; in fact it was only easy once I had found the correct parameters to exploit the CVEs.
NMAP: This machine, unlike other Linux HTB machines, does not have ssh; it only has the http service open. nmap -sV -sC -vvv -oN blunder 10.10.10.191
Looking at the web … Continue reading [hackthebox]Blunder
[hackthebox]Jeeves
Introduction: Jeeves is a machine that is rated easy; it is hacked by exploiting unauthenticated access to the Jeeves dashboard. A Java reverse shell is run from Jeeves' script console (where Groovy scripts can be run for troubleshooting) and a reverse connection comes back to my netcat listener. Once the reverse connection is … Continue reading [hackthebox]Jeeves
[hackthebox]Cache
Introduction: This is an interesting machine, rated medium difficulty; it involves a few techniques such as SQL injection, memcache enumeration and Docker privilege escalation. I learned memcache and Docker privesc from this machine and deepened my familiarity with sqlmap; sqlmap in my opinion is the most difficult technique as there are … Continue reading [hackthebox]Cache
[hackthebox]Silo
Introduction: I attempted this retired machine without reading the HTB guides; I went through a lot of rabbit holes and eventually found that the Oracle TNS port 1521 is the entry point. On testing the Silo machine I found that it is susceptible to TNS poisoning; searching the web I found this invaluable article … Continue reading [hackthebox]Silo
[hackthebox]Heist
Enumeration: This section describes the reconnaissance techniques used to find a foothold; the purpose is to understand the machine before launching attacks.
nmap enumeration: nmap -A -p- -oN heist -vvv 10.10.10.149
The machine is listening on these services:
    tcp/135 - RPC, possible to enumerate with rpcclient.
    tcp/445 - SMB, check whether the SMB is … Continue reading [hackthebox]Heist
[hackthebox]Admirer
This machine is rated easy, but in actual fact it should be medium from the perspective of my skill level; nonetheless I have learned some useful things from this hack.
nmap enumeration: nmap -A -T4 -p- -oN admirer -vvv -Pn 10.10.10.187
The results present three ports:
Web fuzzing: I ran gobuster to … Continue reading [hackthebox]Admirer
[hackthebox] Optimum
This is a relatively easy machine; as seen from the matrix the attacks are more related to CVEs.
nmap enumeration: nmap -A -p- -T4 -oN optimum -vvv 10.10.10.8
Http File Server 2.3: As shown in the web browser, the web service is hosted by Http File Server, which is a program for Windows to serve … Continue reading [hackthebox] Optimum