Hack The Box: Perfection

Description

Perfection is an easy Hack The Box machine that features: Ruby web application Server Side Template Injection (SSTI); Sensitive Data Exposure in a SQLite database; Hash cracking using a custom mask; Privilege escalation via the password previously recovered and weak permissions.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.144.202.

    $ ping -c 3 10.129.144.202
    PING 10.129.144.202 (10.129.144.202) 56(84) bytes of data.
    64 bytes from 10.129.144.202: icmp_seq=1 ttl=63 time=52.2 ms
    64 bytes from 10.129.144.202: icmp_seq=2 ttl=63 time=51.6 ms
    64 bytes from 10.129.144.202: icmp_seq=3 ttl=63 time=52.1 ms
    --- 10.129.144.202 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 51.565/51.967/52.210/0.286 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

July 6, 2024 · 6 min

Hack The Box: Jab

Description

Jab is a medium Hack The Box machine that features: Anonymous account creation in a Jabber server; User enumeration in a Jabber server; Windows user enumeration and ASREPRoast attack to obtain a hash and a password; Sensitive Data Exposure in a Jabber chat; Remote Command Execution using DCOM Exec; Privilege Escalation via a password Blowfish hash cracking of an Openfire service.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.106.86. ...

June 29, 2024 · 9 min

Hack The Box: Crafty

Description

Crafty is an easy Hack The Box machine that features: Minecraft 1.16.5 Log4j Remote Command Execution Vulnerability; Sensitive Data Exposure in a Minecraft Plugin; Privilege Escalation via a Leaked Credential.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.222.13.

    $ ping -c 3 10.129.222.13
    PING 10.129.222.13 (10.129.222.13) 56(84) bytes of data.
    64 bytes from 10.129.222.13: icmp_seq=1 ttl=127 time=42.5 ms
    64 bytes from 10.129.222.13: icmp_seq=2 ttl=127 time=46.6 ms
    64 bytes from 10.129.222.13: icmp_seq=3 ttl=127 time=43.0 ms
    --- 10.129.222.13 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 42.516/44.063/46.626/1.824 ms

The machine is active, and the TTL of 127 (128 minus 1 hop) tells us that it is a Windows machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

June 15, 2024 · 6 min

Hack The Box: Pov

Description

Pov is a medium Hack The Box machine that features: Subdomain Enumeration; Local File Inclusion in ASP.NET application; Remote Command Execution using VIEWSTATE parameter in ASP.NET; Sensitive Data Exposure (credentials of other user) in PowerShell format; Privilege Escalation via SeDebugPrivilege privilege.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.231.64.

    $ ping -c 3 10.129.231.64
    PING 10.129.231.64 (10.129.231.64) 56(84) bytes of data.
    64 bytes from 10.129.231.64: icmp_seq=1 ttl=127 time=95.5 ms
    64 bytes from 10.129.231.64: icmp_seq=2 ttl=127 time=53.0 ms
    64 bytes from 10.129.231.64: icmp_seq=3 ttl=127 time=75.1 ms
    --- 10.129.231.64 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 52.970/74.506/95.477/17.358 ms

The machine is active, and the TTL of 127 (128 minus 1 hop) tells us that it is a Windows machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

June 8, 2024 · 7 min

Hack The Box: Bizness

Description

Bizness is an easy Hack The Box machine that features: Vulnerable Apache Ofbiz Authentication Bypass and Remote Command Execution; Privilege Escalation via a customized password hash cracking with John The Ripper and Password Reuse.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.251.57.

    $ ping -c 3 10.129.251.57
    PING 10.129.251.57 (10.129.251.57) 56(84) bytes of data.
    64 bytes from 10.129.251.57: icmp_seq=1 ttl=63 time=47.1 ms
    64 bytes from 10.129.251.57: icmp_seq=2 ttl=63 time=47.3 ms
    64 bytes from 10.129.251.57: icmp_seq=3 ttl=63 time=46.3 ms
    --- 10.129.251.57 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 46.318/46.918/47.312/0.431 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

May 25, 2024 · 7 min

Hack The Box: Monitored

Description

Monitored is a medium Hack The Box machine that features: LDAP and SNMP Service Enumeration; Nagios XI CVE-2023-40931 SQL Injection vulnerability; Nagios Remote Command Execution using an Administrator account; Privilege Escalation via a vulnerable SUDO script.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.242.138.

    $ ping -c 3 10.129.242.138
    PING 10.129.242.138 (10.129.242.138) 56(84) bytes of data.
    64 bytes from 10.129.242.138: icmp_seq=1 ttl=63 time=46.4 ms
    64 bytes from 10.129.242.138: icmp_seq=2 ttl=63 time=45.5 ms
    64 bytes from 10.129.242.138: icmp_seq=3 ttl=63 time=45.1 ms
    --- 10.129.242.138 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 45.104/45.662/46.399/0.543 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

May 11, 2024 · 9 min

Hack The Box: Devvortex

Description

Devvortex is an easy Hack The Box machine that features: VHOST Enumeration; Joomla CVE-2023-23752 Information Exposure vulnerability; Remote Code Execution using a Joomla Template; Password Cracking from a MySQL database; Password Reuse; Privilege Escalation by using vulnerable apport-cli application.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.168.118.

    $ ping -c 3 10.129.168.118
    PING 10.129.168.118 (10.129.168.118) 56(84) bytes of data.
    64 bytes from 10.129.168.118: icmp_seq=1 ttl=63 time=41.4 ms
    64 bytes from 10.129.168.118: icmp_seq=2 ttl=63 time=40.7 ms
    64 bytes from 10.129.168.118: icmp_seq=3 ttl=63 time=40.0 ms
    --- 10.129.168.118 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 40.038/40.710/41.386/0.550 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

May 4, 2024 · 9 min

Hack The Box: Surveillance

Description

Surveillance is a medium Hack The Box machine that features: Vulnerable Craft CMS allowing Remote Command Execution; Sensitive Data Exposure from Backups; Password Cracking using John the Ripper; Password Reuse; Vulnerable ZoneMinder allowing Remote Command Execution; Privilege Escalation via an incorrectly detainted Perl script.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.178.62. ...

April 20, 2024 · 10 min

Hack The Box: Hospital

Description

Hospital is a medium Hack The Box machine that features: Arbitrary File Upload; Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640; Shadow File Hash Cracking with John the Ripper; Password Reuse; GhostScript CVE-2023-36664 Command Injection vulnerability; Privilege Escalation via a Misconfigured Apache running as System User.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.164.203. ...

April 13, 2024 · 12 min

Hack The Box: Codify

Description

Codify is an easy Hack The Box machine that features: Sandbox Escape in NodeJS vm2 Library; Password Hash from a Database Cracking; Password Reuse; Escalation via a Bash Pattern Matching.

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.151.136.

    $ ping -c 3 10.129.151.136
    PING 10.129.151.136 (10.129.151.136) 56(84) bytes of data.
    64 bytes from 10.129.151.136: icmp_seq=1 ttl=63 time=44.2 ms
    64 bytes from 10.129.151.136: icmp_seq=2 ttl=63 time=42.6 ms
    64 bytes from 10.129.151.136: icmp_seq=3 ttl=63 time=42.8 ms
    --- 10.129.151.136 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 42.646/43.207/44.205/0.707 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Now we run an Nmap TCP SYN port scan to check all open ports. ...

April 6, 2024 · 8 min