nmap enumeration: nmap -A -p- -T4 -vvv -oN devel 10.10.10.5. FTP upload test: The nmap result says FTP allows anonymous login. Now I test whether I can upload files. I can also do directory and file listing. Test if the files in FTP reflect the page on the web. The iistart.htm is also available. … Continue reading [hackthebox]Devel
Tag: hackthebox
[hackthebox]Nest
Introduction: Nest has a lot of twists; it is like playing an RPG game in which I need to gather materials to forge the ultimate weapon for the final boss. I have gained knowledge on operating within an SMB share environment. At first I did things stupidly, but then I realized I should use recurse on … Continue reading [hackthebox]Nest
[hackthebox]Cascade
Introduction: This is rated a medium difficulty machine. I encountered a lot of twists and turns; the items found do not give me direct answers, but are required to reveal the answers, that is, user.txt and root.txt. A very interesting machine which requires knowledge of manual LDAP enumeration with ldapsearch to gain an initial foothold, then … Continue reading [hackthebox]Cascade
[hackthebox]misDIRection
misDIRection is a miscellaneous challenge in hackthebox. The zipped file contains a hidden folder with many subdirectories, and not every subdirectory has a file. The filenames are all unique numbers, with a total of 36 of them, and there are no contents within the files. This is a clueless challenge, to be honest. I depended on … Continue reading [hackthebox]misDIRection
[hackthebox]Blackhole
Blackhole is a miscellaneous challenge in hackthebox which requires me to download a file and find the flag within it. This post documents the process of finding the flag, but the flag will not be revealed in this post. 1. Unzip the package: It is a nested zipped package. At first glance it … Continue reading [hackthebox]Blackhole
[hackthebox]Magic
Pre-requisite: There are a few things you need to understand before attempting this machine, else playing this machine will be very difficult. The members in HTB will not leak any information for you; they will only "nudge" you towards the direction to solve the user and root puzzles, so without some pre-requisites nudging can … Continue reading [hackthebox]Magic
[hackthebox]Servmon
Introduction: Servmon is a new machine which receives very low ratings because a lot of people are complaining about the nsclient++ web portal being "unstable". This can be circumvented by using the Chromium browser; if you are using Kali Linux as root, then run chromium --no-sandbox. You cannot log in to this portal remotely because it … Continue reading [hackthebox]Servmon
[hackthebox]Postman
Things I have learned: How to check Redis' vulnerability by using redis-cli. Detailed enumeration with nmap; on my first scanning attempt I did not discover the Redis port. How to enumerate with redis-cli. NMAP enumeration: nmap -sC -sV -p- -oN postman 10.10.10.160 -vvv. -p- is a shorthand of -p 1-65535, so this option scans … Continue reading [hackthebox]Postman
[hackthebox]Cronos
Introduction: I have not developed a hacker's hunch yet and hope to do continuous learning to learn more techniques, and hopefully I can develop a hunch soon. I am following a few walkthroughs and HTB's official guide. To be honest, if I am to start hacking this machine I think I will take two weeks to … Continue reading [hackthebox]Cronos
HackTheBox – Get the invite code
You have to find the invite code yourself; the link is https://www.hackthebox.eu/invite, in order to join the club to learn hacking yourself. The invite code extraction method may change, but this is the current one as of today, 25th of Feb 2020. I am using Firefox, so on this https://www.hackthebox.eu/invite, click on web developer on … Continue reading HackTheBox – Get the invite code