Home

This blog covers topics related to computer security and computing in general, including tools, technical articles, and write-ups of CTFs such as Hack The Box.

Hack The Box: Expressway

Description: Expressway is an easy Hack The Box machine that features IKE IPsec server enumeration and PSK recovery; password reuse for a Linux user; and privilege escalation via a vulnerable sudo application.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.62.220.

    $ ping -c 3 10.129.62.220
    PING 10.129.62.220 (10.129.62.220) 56(84) bytes of data.
    64 bytes from 10.129.62.220: icmp_seq=1 ttl=63 time=48.0 ms
    64 bytes from 10.129.62.220: icmp_seq=2 ttl=63 time=48.7 ms
    64 bytes from 10.129.62.220: icmp_seq=3 ttl=63 time=47.5 ms

    --- 10.129.62.220 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 47.508/48.072/48.719/0.497 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) lets us conclude that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

March 7, 2026 · 6 min

Hack The Box: Giveback

Description: Giveback is a medium Hack The Box machine that features a WordPress blog plugin vulnerable to PHP Object Injection, leading to Remote Command Execution in a Kubernetes container; Kubernetes network enumeration to find other containers; container pivoting via a PHP-CGI Remote Command Execution vulnerability; use of a Kubernetes service account to read secrets containing passwords; password reuse for a Linux user, which allows creating a shell on the host Linux machine; custom executable password recovery via enumeration; and privilege escalation via a runc command protected with a password found previously.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.188.129. ...

February 21, 2026 · 11 min

Hack The Box: Soulmate

Description: Soulmate is an easy Hack The Box machine that features subdomain discovery to find a CrushFTP instance; a CrushFTP authentication bypass; CrushFTP file upload to the web server, which leads to Remote Command Execution; an Erlang configuration script that leads to user pivoting due to leaked credentials; and privilege escalation via an Erlang (EPMD) daemon running as the root user.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.94.109. ...

February 14, 2026 · 7 min

Hack The Box: Signed

Description: Signed is a medium Hack The Box machine that features an assumed breach scenario with credentials that leads to MSSQL service enumeration; capture and cracking of the MSSQL service account NTLM hash to elevate privileges; and privilege escalation via the ability to create silver tickets and the use of an OPENROWSET(BULK) T-SQL query to read privileged files.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.186.204. ...

February 7, 2026 · 9 min

Mobile Telephony 5G - Deployment of the Open5GS Lab

Introduction: 5G is the fifth generation of mobile networks, designed to surpass 4G significantly in speed, capacity, and latency. Its objective is not limited to just browsing the internet faster, but to enable entirely new applications, such as autonomous vehicles, augmented reality, real-time telemedicine, and millions of connected devices simultaneously in the Internet of Things (IoT). In technical terms, 5G is characterized by three main pillars: eMBB (enhanced Mobile Broadband) for high-speed and large-capacity connections, URLLC (Ultra-Reliable Low Latency Communications) for critical communications with minimal latency, and mMTC (massive Machine-Type Communications) for efficiently connecting millions of IoT devices. ...

February 1, 2026 · 9 min

Hack The Box: CodePartTwo

Description: CodePartTwo is an easy Hack The Box machine that features Remote Command Execution in a Python application interfacing with JavaScript code using js2py; recovery of a credential found in the web application database, followed by password reuse; and privilege escalation via the npbackup backup application run as the root user.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.119.51. ...

January 31, 2026 · 7 min

Hack The Box: Imagery

Description: Imagery is a medium Hack The Box machine that features Cross-Site Scripting in a gallery web application, allowing the capture of the administrator session; Path Traversal in the web application, allowing the source code to be read; Command Injection in functionality unlocked by a pivoted testing user; Linux user pivoting by decrypting an old backup of the website source code; and privilege escalation via a vulnerable backup application that allows command execution.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.17.177. ...

January 24, 2026 · 13 min

Hack The Box: HackNet

Description: HackNet is a medium Hack The Box machine that features Server-Side Template Injection in a Python Django web application; credentials obtained via SSTI that are reused for a Linux user; user pivoting to the web server user via Django cache deserialization; and privilege escalation via decryption of GPG-encrypted SQL dump backups.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.208.8. ...

January 17, 2026 · 13 min

Hack The Box: Previous

Description: Previous is a medium Hack The Box machine that features a Next.js Middleware Authorization Bypass vulnerability; a Next.js Path Traversal that leads to reading compiled source code; compiled source code that contains user credentials; user credentials reused for a Linux user; and privilege escalation via a malicious Terraform provider.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.235.175. ...

January 10, 2026 · 10 min

Capture and decryption of Bluetooth Low Energy (BLE) traffic

Introduction: The Bluetooth Low Energy (BLE) protocol has become a fundamental standard within the IoT ecosystem, used in wearables, sensors, peripherals, and a wide variety of connected devices. It is possible to capture and analyze its traffic in real time using dedicated hardware. For this purpose, the nRF52840 Dongle from Nordic Semiconductor, together with the tool nRF Sniffer for Bluetooth LE, constitutes an accessible and powerful solution. The necessary firmware will be installed on the dongle, the sniffer will be integrated into a Linux environment, and BLE traffic will be captured in Wireshark. Three analysis scenarios are also addressed with different levels of security: connections without pairing, vulnerable classic pairing (Legacy Pairing), and modern and robust pairing based on elliptic curves (LE Secure Connections). ...

January 1, 2026 · 11 min