Hack the Box

Description Interface is a medium Hack The Box machine that features: API endpoints discovery PHP library dompdf Remote Command Execution Privilege Escalation via a Bash script Quoted Expression injection Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.200. $ ping -c 3 10.10.11.200 PING 10.10.11.200 (10.10.11.200) 56(84) bytes of data. 64 bytes from 10.10.11.200: icmp_seq=1 ttl=63 time=44.2 ms 64 bytes from 10.10.11.200: icmp_seq=2 ttl=63 time=43.5 ms 64 bytes from 10.10.11.200: icmp_seq=3 ttl=63 time=43.3 ms --- 10.10.11.200 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.286/43.673/44.201/0.386 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description MetaTwo is an easy Hack The Box machine that features: SQL Injection in WordPress plugin WordPress Password Cracking WordPress Authenticated XXE Sensitive Data Exposure Passpie Password Manager Cracking Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.186. $ ping -c 3 10.10.11.186 PING 10.10.11.186 (10.10.11.186) 56(84) bytes of data. 64 bytes from 10.10.11.186: icmp_seq=1 ttl=63 time=44.3 ms 64 bytes from 10.10.11.186: icmp_seq=2 ttl=63 time=43.7 ms 64 bytes from 10.10.11.186: icmp_seq=3 ttl=63 time=43.7 ms --- 10.10.11.186 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.661/43.890/44.300/0.290 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Investigation is a medium Hack The Box machine that features: Web application using ExifTool vulnerable to Remote Command Execution User Pivoting by analyzing an email file with a Windows Event Log with a credential leaked Privilege Escalation by reversing a binary that can be executed as the root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.197. ...

Description Encoding is a medium Hack The Box machine that features: Web application vulnerable to File Reading vulnerability Discovery of other application vulnerable to Local File Inclusion vulnerability User Pivoting by using a malicious Git hook executed after a commit Privilege Escalation via a creation of a malicious Systemd service Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.198. ...

Description BroScience is a medium Hack The Box machine that features: Path Traversal vulnerability in PHP web application that leads into source code read PHP deserialization attack in PHP application that leads into file upload and remote command execution User Pivoting by using reused credentials cracked from a Postgres database Privilege Escalation by Command Injection in a Bash script executed by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.195. ...

Description Mentor is a medium Hack The Box machine that features: Subdomain Enumerating to discover an API domain API domain endpoint discovery SNMP enumeration to discover community string and credentials API Command Injection to get a shell in a Docker container Docker container escape by using Postgres database credentials Privilege Escalation by using credential leaked in SNMP server configuration file Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.193. ...

Description Forgot is a medium Hack The Box machine that features: HTTP Host Header Injection to obtain a password recovery link Web Cache Deception vulnerability to read the administration dashboard and credentials Privilege Escalation via a TensorFlow script vulnerable to Command Injection Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.188. $ ping -c 3 10.10.11.188 PING 10.10.11.188 (10.10.11.188) 56(84) bytes of data. 64 bytes from 10.10.11.188: icmp_seq=1 ttl=63 time=43.5 ms 64 bytes from 10.10.11.188: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.188: icmp_seq=3 ttl=63 time=44.2 ms --- 10.10.11.188 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 43.469/43.813/44.183/0.292 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Awkward is a medium Hack The Box machine that features: API Enumeration to obtain web application credentials Server Side Request Forgery in web application to discover internal web application hosting documentation Reading documentation about an insecure endpoint vulnerable to file reading vulnerability leading to credential gathering Privilege Escalation via file writing in web server permission and mail command injection Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.185. ...

Description Photobomb is an easy Hack The Box machine that features: Access to restricted web page by using leaked credentials found in a JavaScript source code Command Injection in web endpoint used to convert images Privilege Escalation via a script allowed to be executed as root user with binaries without absolute path and allowed to use custom environment variables Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.182. ...

Description Ambassador is a medium Hack The Box machine that features: Path Traversal vulnerability in Grafana that allows reading administrator and MySQL service credentials MySQL database contains plain-text credentials of a Linux user Privilege Escalation by using Consul application executed as root user and leaked authentication token in a GIt repository Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.183. ...