Hack the Box

Description Planning is an easy Hack The Box machine that features: Subdomain Enumeration Grafana authenticated RCE with given credentials User Pivoting via leaked credentials in a Docker container environment variables Privilege Escalation via crontab-ui web application and a stored password Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.142.49. $ ping -c 3 10.129.142.49 PING 10.129.142.49 (10.129.142.49) 56(84) bytes of data. 64 bytes from 10.129.142.49: icmp_seq=1 ttl=63 time=77.4 ms 64 bytes from 10.129.142.49: icmp_seq=2 ttl=63 time=50.9 ms 64 bytes from 10.129.142.49: icmp_seq=3 ttl=63 time=82.6 ms --- 10.129.142.49 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 50.914/70.309/82.646/13.882 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Environment is a medium Hack The Box machine that features: Laravel web application exposing source code in debug mode Changing of Laravel environment variable allows Authentication Bypass Insecure File Upload allows Remote Command Execution Access to GPG encrypted file and key-chain by web-running user reveals credentials of machine’s user Privilege Escalation via a misconfigured SUDO policy Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.26.20. ...

Description TheFrizz is a medium Hack The Box machine that features: Local File Inclusion vulnerability in Gibbon LMS allowing reading application files Arbitrary File Write in Gibbon LMS allowing Remote Command Execution Custom Hash Password Cracking of Gibbon LMS administrator Password Reuse to login by creating a Kerberos ticket Privilege Escalation by abusing the ability of creating new Group Policy Objects Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.245.150. ...

Description Nocturnal is an easy Hack The Box machine that features: Insecure direct object reference in document upload web application that reveals user credentials Source code leakage in administration dashboard that gives access to application database Credentials in the database and password reuse leads in Linux user account login Privilege Escalation via ISPConfig PHP Code Injection vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.127.110. ...

Description Code is an easy Hack The Box machine that features: Python web application interpreter that allows reading sensitive data Password reuse for the Linux system Privilege Escalation via a vulnerable script that allows reading files from root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.33.252. $ ping -c 3 10.129.33.252 PING 10.129.33.252 (10.129.33.252) 56(84) bytes of data. 64 bytes from 10.129.33.252: icmp_seq=1 ttl=63 time=46.4 ms 64 bytes from 10.129.33.252: icmp_seq=2 ttl=63 time=47.2 ms 64 bytes from 10.129.33.252: icmp_seq=3 ttl=63 time=46.7 ms --- 10.129.33.252 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 46.376/46.769/47.205/0.339 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Cypher is a medium Hack The Box machine that features: Command Injection in a Neo4j procedure using Cypher language that leads into RCE User Pivoting by using a credential stored in a file that Neo4j user can read Privilege Escalation by loading custom YARA rules into bbot tool ran as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.192.246. ...

Description Dog is an easy Hack The Box machine that features: Git repository exposing database and user credentials Backdrop CMS Remote Command Execution vulnerability via a plugin User Pivoting by using previous credential Privilege Escalation via Backdrop Bee “php-script” functionality Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.219.144. $ ping -c 3 10.129.219.144 PING 10.129.219.144 (10.129.219.144) 56(84) bytes of data. 64 bytes from 10.129.219.144: icmp_seq=1 ttl=63 time=112 ms 64 bytes from 10.129.219.144: icmp_seq=2 ttl=63 time=209 ms 64 bytes from 10.129.219.144: icmp_seq=3 ttl=63 time=112 ms --- 10.129.219.144 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 111.500/144.206/209.278/46.012 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Cat is a medium Hack The Box machine that features: Git repository exposes the source code of the web application Cross-Site Scripting in web application allowing the retrieval of the administrator session SQL Injection in the administration dashboard allows credential retrieval Login to the machine using the credentials User pivoting by using leaked credentials in Apache access log Discovery on internal Gitea service vulnerable to Stored XSS vulnerability Privilege Escalation by reading an exposed credential in an administrator Git repository using the XSS vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.234.158. ...

Description Titanic is an easy Hack The Box machine that features: Subdomain Enumeration to find a Gitea instance with source code of a web application Path Traversal vulnerability in web ticketing application allowing the retrieval of a database with hashed credentials Hash Cracking and password reuse in a Linux user Privilege Escalation via Arbitrary Code Execution in ImageMagick script ran by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.46.214. ...

Description Backfire is a medium Hack The Box machine that features: Unauthenticated Server Side Request Forgery in Havoc Framework C2 Develop of WebSockets frames using TCP sockets Authenticated Remote Command Execution in Havoc Framework C2 as the running user Default configuration of HardHatC2 software allows to forge custom JSON Web Tokens allowing the access to the application and the ability to run commands as another user Privilege Escalation using iptables and iptables-save allowing to modify system files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.163.156. ...