Hack The Box: Devvortex

Description

Devvortex is an easy Hack The Box machine that features:

- VHOST Enumeration
- Joomla CVE-2023-23752 Information Exposure vulnerability
- Remote Code Execution using a Joomla Template
- Password Cracking from a MySQL database
- Password Reuse
- Privilege Escalation by using vulnerable apport-cli application

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.168.118.

    $ ping -c 3 10.129.168.118
    PING 10.129.168.118 (10.129.168.118) 56(84) bytes of data.
    64 bytes from 10.129.168.118: icmp_seq=1 ttl=63 time=41.4 ms
    64 bytes from 10.129.168.118: icmp_seq=2 ttl=63 time=40.7 ms
    64 bytes from 10.129.168.118: icmp_seq=3 ttl=63 time=40.0 ms
    --- 10.129.168.118 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 40.038/40.710/41.386/0.550 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) indicates that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

May 4, 2024 · 9 min

Hack The Box: Surveillance

Description

Surveillance is a medium Hack The Box machine that features:

- Vulnerable Craft CMS allowing Remote Command Execution
- Sensitive Data Exposure from Backups
- Password Cracking using John the Ripper
- Password Reuse
- Vulnerable ZoneMinder allowing Remote Command Execution
- Privilege Escalation via an incorrectly detainted Perl script

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.178.62. ...

April 20, 2024 · 10 min

Hack The Box: Hospital

Description

Hospital is a medium Hack The Box machine that features:

- Arbitrary File Upload
- Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640
- Shadow File Hash Cracking with John the Ripper
- Password Reuse
- GhostScript CVE-2023-36664 Command Injection vulnerability
- Privilege Escalation via a Misconfigured Apache running as System User

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.164.203. ...

April 13, 2024 · 12 min

Hack The Box: Codify

Description

Codify is an easy Hack The Box machine that features:

- Sandbox Escape in NodeJS vm2 Library
- Password Hash from a Database Cracking
- Password Reuse
- Escalation via a Bash Pattern Matching

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.151.136.

    $ ping -c 3 10.129.151.136
    PING 10.129.151.136 (10.129.151.136) 56(84) bytes of data.
    64 bytes from 10.129.151.136: icmp_seq=1 ttl=63 time=44.2 ms
    64 bytes from 10.129.151.136: icmp_seq=2 ttl=63 time=42.6 ms
    64 bytes from 10.129.151.136: icmp_seq=3 ttl=63 time=42.8 ms
    --- 10.129.151.136 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 42.646/43.207/44.205/0.707 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) indicates that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

April 6, 2024 · 8 min

Hack The Box: Analytics

Description

Analytics is an easy Hack The Box machine that features:

- Vulnerable Metabase Remote Command Execution
- Sensitive Data Exposure in a Docker Container
- Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.233.

    $ ping -c 3 10.10.11.233
    PING 10.10.11.233 (10.10.11.233) 56(84) bytes of data.
    64 bytes from 10.10.11.233: icmp_seq=1 ttl=63 time=42.0 ms
    64 bytes from 10.10.11.233: icmp_seq=2 ttl=63 time=51.4 ms
    64 bytes from 10.10.11.233: icmp_seq=3 ttl=63 time=134 ms
    --- 10.10.11.233 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 42.020/75.700/133.650/41.156 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) indicates that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

March 23, 2024 · 6 min

Hack The Box: Manager

Description

Manager is a medium Hack The Box machine that features:

- Active Directory Enumeration
- Use of Weak Passwords
- Sensitive Data Exposure
- AD CS Domain Privilege Escalation

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.236.

    $ ping -c 3 10.10.11.236
    PING 10.10.11.236 (10.10.11.236) 56(84) bytes of data.
    64 bytes from 10.10.11.236: icmp_seq=1 ttl=127 time=43.8 ms
    64 bytes from 10.10.11.236: icmp_seq=2 ttl=127 time=42.3 ms
    64 bytes from 10.10.11.236: icmp_seq=3 ttl=127 time=43.3 ms
    --- 10.10.11.236 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 42.294/43.131/43.766/0.617 ms

The machine is active, and the TTL of 127 (128 minus 1 hop) indicates that it is a Windows machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

March 16, 2024 · 9 min

Hack The Box: CozyHosting

Description

CozyHosting is an easy Hack The Box machine that features:

- Misconfigured Spring Application
- Command Injection
- Sensitive Data Exposure
- Password Hash Crack
- Privilege Escalation via a vulnerable command

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.208.

    $ ping -c 3 10.10.11.230
    PING 10.10.11.230 (10.10.11.230) 56(84) bytes of data.
    64 bytes from 10.10.11.230: icmp_seq=1 ttl=63 time=42.5 ms
    64 bytes from 10.10.11.230: icmp_seq=2 ttl=63 time=42.2 ms
    64 bytes from 10.10.11.230: icmp_seq=3 ttl=63 time=42.4 ms
    --- 10.10.11.230 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 42.185/42.372/42.541/0.145 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) indicates that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

March 2, 2024 · 7 min

Hack The Box: Visual

Description

Visual is a medium Hack The Box machine that features:

- Remote Command Execution via Visual Studio Project
- Pivoting to the Service account via a Web Service
- Privilege Escalation via a Token Impersonation using FullPowers and GodPotato tools

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.234.

    $ ping -c 3 10.10.11.234
    PING 10.10.11.234 (10.10.11.234) 56(84) bytes of data.
    64 bytes from 10.10.11.234: icmp_seq=1 ttl=127 time=40.9 ms
    64 bytes from 10.10.11.234: icmp_seq=2 ttl=127 time=40.7 ms
    64 bytes from 10.10.11.234: icmp_seq=3 ttl=127 time=40.8 ms
    --- 10.10.11.234 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 40.695/40.781/40.881/0.076 ms

The machine is active, and the TTL of 127 (128 minus 1 hop) indicates that it is a Windows machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

February 24, 2024 · 7 min

Hack The Box: Builder

Description

Builder is a medium Hack The Box machine that features:

- Jenkins vulnerability allowing reading file system files leaking user credential
- Privilege Escalation via a stored SSH key from the root user

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.10.

    $ ping -c 3 10.10.11.10
    PING 10.10.11.10 (10.10.11.10) 56(84) bytes of data.
    64 bytes from 10.10.11.10: icmp_seq=1 ttl=63 time=117 ms
    64 bytes from 10.10.11.10: icmp_seq=2 ttl=63 time=117 ms
    64 bytes from 10.10.11.10: icmp_seq=3 ttl=63 time=117 ms
    --- 10.10.11.10 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 116.574/116.621/116.648/0.033 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) indicates that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

February 12, 2024 · 6 min

Hack The Box: Keeper

Description

Keeper is an easy Hack The Box machine that features:

- Use of Default Credentials
- Sensitive Data Exposure
- KeePass Vault Password Recovery via a Memory Dump

Footprinting

First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.227.

    $ ping -c 3 10.10.11.227
    PING 10.10.11.227 (10.10.11.227) 56(84) bytes of data.
    64 bytes from 10.10.11.227: icmp_seq=1 ttl=63 time=233 ms
    64 bytes from 10.10.11.227: icmp_seq=2 ttl=63 time=61.1 ms
    64 bytes from 10.10.11.227: icmp_seq=3 ttl=63 time=51.7 ms
    --- 10.10.11.227 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 51.715/115.171/232.728/83.212 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) indicates that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

February 10, 2024 · 7 min