Hack The Box: Escape

Description

Escape is a medium Hack The Box machine that features:
- A PDF file in an accessible SMB share reveals MSSQL credentials
- MSSQL service account NTLM hash capture and cracking to elevate privileges
- User Pivoting by leaked credentials in a log file
- Privilege Escalation via impersonating the Administrator user using the ESC1 vulnerability in Certificate Templates used in Active Directory Certificate Services

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.202. ...

June 17, 2023 · 11 min

Hack The Box: Soccer

Description

Soccer is an easy Hack The Box machine that features:
- Directory Enumeration
- Use of Default Credentials
- Remote Code Execution
- VHOST Discovery
- SQL Injection over WebSocket
- Sensitive Data Exposure
- DOAS Privilege Escalation

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.194.

$ ping -c 3 10.10.11.194
PING 10.10.11.194 (10.10.11.194) 56(84) bytes of data.
64 bytes from 10.10.11.194: icmp_seq=1 ttl=63 time=44.3 ms
64 bytes from 10.10.11.194: icmp_seq=2 ttl=63 time=43.3 ms
64 bytes from 10.10.11.194: icmp_seq=3 ttl=63 time=43.7 ms
--- 10.10.11.194 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 43.340/43.755/44.276/0.389 ms

The machine is active, and since the TTL equals 63 (64 minus 1 hop), we can conclude that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

June 10, 2023 · 9 min

Hack The Box: TwoMillion

Description

TwoMillion is an easy Hack The Box machine that features:
- Invite Code generation to register in a web application
- API enumeration to change a normal user into an administrator
- Command Injection in an API used to generate VPN connection files
- User Pivoting by using reused credentials found in an environment file
- Privilege Escalation via an OverlayFS Linux Kernel vulnerability

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.221. ...

June 7, 2023 · 9 min

Hack The Box: Bagel

Description

Bagel is a medium Hack The Box machine that features:
- Path Traversal in a web application allows reading the web source code, discovering a NetCore application with a WebSocket on another port
- Reverse Engineering of the NetCore application leads to the discovery of credentials and an insecure deserialization vulnerability
- Insecure Deserialization vulnerability allows reading the content of the private SSH key of a user
- User Pivoting by using the previously leaked credential
- Privilege Escalation by creating a command execution NetCore application allowed to be executed by the root user

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.201. ...

June 3, 2023 · 9 min

Hack The Box: Precious

Description

Precious is an easy Hack The Box machine that features:
- Command Injection
- Sensitive Data Exposure
- YAML Deserialization
- Privilege Escalation

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.189.

$ ping -c 3 10.10.11.189
PING 10.10.11.189 (10.10.11.189) 56(84) bytes of data.
64 bytes from 10.10.11.189: icmp_seq=1 ttl=63 time=345 ms
64 bytes from 10.10.11.189: icmp_seq=2 ttl=63 time=44.3 ms
64 bytes from 10.10.11.189: icmp_seq=3 ttl=63 time=324 ms
--- 10.10.11.189 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 44.276/237.727/345.296/137.076 ms

The machine is active, and since the TTL equals 63 (64 minus 1 hop), we can conclude that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

May 20, 2023 · 8 min

Hack The Box: Interface

Description

Interface is a medium Hack The Box machine that features:
- API endpoints discovery
- PHP library dompdf Remote Command Execution
- Privilege Escalation via a Bash script Quoted Expression injection

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.200.

$ ping -c 3 10.10.11.200
PING 10.10.11.200 (10.10.11.200) 56(84) bytes of data.
64 bytes from 10.10.11.200: icmp_seq=1 ttl=63 time=44.2 ms
64 bytes from 10.10.11.200: icmp_seq=2 ttl=63 time=43.5 ms
64 bytes from 10.10.11.200: icmp_seq=3 ttl=63 time=43.3 ms
--- 10.10.11.200 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 43.286/43.673/44.201/0.386 ms

The machine is active, and since the TTL equals 63 (64 minus 1 hop), we can conclude that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

May 13, 2023 · 8 min

Hack The Box: MetaTwo

Description

MetaTwo is an easy Hack The Box machine that features:
- SQL Injection in WordPress plugin
- WordPress Password Cracking
- WordPress Authenticated XXE
- Sensitive Data Exposure
- Passpie Password Manager Cracking
- Privilege Escalation

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.186.

$ ping -c 3 10.10.11.186
PING 10.10.11.186 (10.10.11.186) 56(84) bytes of data.
64 bytes from 10.10.11.186: icmp_seq=1 ttl=63 time=44.3 ms
64 bytes from 10.10.11.186: icmp_seq=2 ttl=63 time=43.7 ms
64 bytes from 10.10.11.186: icmp_seq=3 ttl=63 time=43.7 ms
--- 10.10.11.186 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 43.661/43.890/44.300/0.290 ms

The machine is active, and since the TTL equals 63 (64 minus 1 hop), we can conclude that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

April 29, 2023 · 13 min

Hack The Box: Investigation

Description

Investigation is a medium Hack The Box machine that features:
- Web application using ExifTool vulnerable to Remote Command Execution
- User Pivoting by analyzing an email file containing a Windows Event Log with a leaked credential
- Privilege Escalation by reversing a binary that can be executed as the root user

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.197. ...

April 22, 2023 · 8 min

Hack The Box: Encoding

Description

Encoding is a medium Hack The Box machine that features:
- Web application vulnerable to a File Reading vulnerability
- Discovery of another application vulnerable to a Local File Inclusion vulnerability
- User Pivoting by using a malicious Git hook executed after a commit
- Privilege Escalation via creation of a malicious Systemd service

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.198. ...

April 15, 2023 · 10 min

Hack The Box: BroScience

Description

BroScience is a medium Hack The Box machine that features:
- Path Traversal vulnerability in a PHP web application that leads to source code read
- PHP deserialization attack in a PHP application that leads to file upload and remote command execution
- User Pivoting by using reused credentials cracked from a Postgres database
- Privilege Escalation by Command Injection in a Bash script executed by the root user

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.195. ...

April 8, 2023 · 11 min