Hack the Box

Description Titanic is an easy Hack The Box machine that features: Subdomain Enumeration to find a Gitea instance with source code of a web application Path Traversal vulnerability in web ticketing application allowing the retrieval of a database with hashed credentials Hash Cracking and password reuse in a Linux user Privilege Escalation via Arbitrary Code Execution in ImageMagick script ran by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.46.214. ...

Description Backfire is a medium Hack The Box machine that features: Unauthenticated Server Side Request Forgery in Havoc Framework C2 Develop of WebSockets frames using TCP sockets Authenticated Remote Command Execution in Havoc Framework C2 as the running user Default configuration of HardHatC2 software allows to forge custom JSON Web Tokens allowing the access to the application and the ability to run commands as another user Privilege Escalation using iptables and iptables-save allowing to modify system files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.163.156. ...

Description EscapeTwo is an easy Hack The Box machine that features: Initial access using an assumed breach scenario that leads in a discovery of a SMB share SMB share with damaged spreadsheet reveal DB Administrator credentials DB Administrator is able to run commands and read a file with credentials Credential’s user have WriteOwner permission over Certification Authority account Certification Authority account password can be changed Privilege Escalation via a vulnerability in a certification template Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.241.157. ...

Description Heal is a medium Hack The Box machine that features: Path Traversal in a Ruby on Rails web application Database Dump of a Ruby on Rails web Application Weak password found in database dump allows the login to LimeSurvey application Remote Command Execution using LimeSurvey application and the upload of a malicious plugin User Pivoting by using a reused password from a configuration file of LimeSurvey Privilege Escalation by abusing a weak instance of Consul that allows the execution of commands Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.30.209. ...

Description UnderPass is an easy Hack The Box machine that features: SNMP Enumeration to find an installed web application Use of default credentials in the RADIUS management web application User and Password Enumeration of the RADIUS web application Password Reuse of RADIUS user in Linux server Privilege Escalation via Mosh (Mobile Shell) command executed with root permissions Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.145.216. ...

Description Administrator is an medium Hack The Box machine that features: Active Directory Enumeration using given user domain credentials Given user domain with GenericAll access grant to an user, allowing the user to change the password User domain with ForceChangePassword access grant to an user, allowing the user to change the password User can access to a FTP server that allows the recovery of a password manager backup Recovery of the master password of a password manager and its credentials User domain with GenericWrite access grant to an user, allowing the user to recover the Kerberos hash and the password Privilege Escalation with an user domain with the DCSync permissions, dumping the credentials Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.144.56. ...

Description LinkVortex is an easy Hack The Box machine that features: Subdomain Enumeration to find a hidden Git Repository Credential Leakage in a Git Repository Arbitrary File Read in Ghost CMS Password Reuse in Linux account found in Ghost configuration file Privilege Escalation via bypassing the restriction of a Bash script Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.39.160. ...

Description Alert is an easy Hack The Box machine that features: PHP web application vulnerable to Cross-Site Scripting (XSS) PHP web application vulnerable to Server-Side Request Forgery (SSRF) PHP web application vulnerable to Path Traversal that leaks the credentials of a web server Web server credentials of a web server reused for the Linux system Privilege Escalation via a writable web server folder hosted with a service by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.121.113. ...

Description Certified is an medium Hack The Box machine that features: Active Directory Enumeration using given user domain credentials Given user domain with WriteOwner access grant to a group, allowing the user to add itself to the group Group users has the GenericWrite access grant to a domain user with permissions to log into the machine, allowing changing the password Logged user has the GenericAll permission to a Certificate Authority user, allowing them to change its password and other user fields Privilege Escalation via impersonating the Administrator user using the ESC9 vulnerability in Certificate Templates used in Active Directory Certificate Services Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.24.237. ...

Description Chemistry is an easy Hack The Box machine that features: Arbitrary Code Execution in pymatgen Python library and CIF files User Pivoting by cracking a hashed password in a database file Local Port Forwarding of an internal web application using aiohttp Python library Privilege Escalation via a File Traversal vulnerability in aiohttp Python library that allows retrieving the private SSH key of the root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.79.219. ...