Hack The Box: OnlyForYou

Description: OnlyForYou is a medium Hack The Box machine that features: Local File Inclusion in a Python web application, revealing the source code of another application; Main web application vulnerable to Command Injection; Internal service discovery and Neo4j Cypher injection to obtain credentials for user pivoting; Privilege Escalation via a user allowed to run the pip3 download command, leading to command execution.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.210. ...

August 26, 2023 · 12 min

Hack The Box: Busqueda

Description: Busqueda is an easy Hack The Box machine that features: Arbitrary Code Execution via Unsanitized Python Eval; Sensitive Data Exposure; VHOST Discovery; Bypassing Paths of Python File Privilege Escalation.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.208.

    $ ping -c 3 10.10.11.208
    PING 10.10.11.208 (10.10.11.208) 56(84) bytes of data.
    64 bytes from 10.10.11.208: icmp_seq=1 ttl=63 time=43.8 ms
    64 bytes from 10.10.11.208: icmp_seq=2 ttl=63 time=43.8 ms
    64 bytes from 10.10.11.208: icmp_seq=3 ttl=63 time=43.3 ms
    --- 10.10.11.208 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 43.335/43.657/43.843/0.229 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

August 12, 2023 · 11 min

Hack The Box: Agile

Description: Agile is a medium Hack The Box machine that features: Path Traversal in a web application with Werkzeug debug activated, leading to Remote Command Execution; User Pivoting by leaked credentials in the password database; User Pivoting by watching and interacting with a Selenium session; Privilege Escalation via a modification of the Python virtualenv initialization script with a SUDO vulnerability.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.203. ...

August 5, 2023 · 10 min

Hack The Box: Socket

Description: Socket is a medium Hack The Box machine that features: Reverse Engineering and PyInstaller decompiling to discover Python code; SQL Injection to a WebSocket endpoint revealing credentials; Reused credentials and SSH login; Privilege Escalation via a PyInstaller build script that allows extracting sensitive files.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.206. ...

July 15, 2023 · 10 min

Hack The Box: Inject

Description: Inject is an easy Hack The Box machine that features: Local File Inclusion; Remote Command Execution; Sensitive Data Exposure; Ansible Playbook Privilege Escalation.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.204.

    $ ping -c 3 10.10.11.204
    PING 10.10.11.204 (10.10.11.204) 56(84) bytes of data.
    64 bytes from 10.10.11.204: icmp_seq=1 ttl=63 time=46.8 ms
    64 bytes from 10.10.11.204: icmp_seq=2 ttl=63 time=44.3 ms
    64 bytes from 10.10.11.204: icmp_seq=3 ttl=63 time=43.9 ms
    --- 10.10.11.204 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 43.861/44.977/46.769/1.279 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

July 8, 2023 · 7 min

Hack The Box: Stocker

Description: Stocker is an easy Hack The Box machine that features: VHOST Enumeration; NoSQL injection; Server Side XSS (Dynamic PDF); Sensitive Data Exposure; Sudo Execution Bypassing Paths Privilege Escalation.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.196.

    $ ping -c 3 10.10.11.196
    PING 10.10.11.196 (10.10.11.196) 56(84) bytes of data.
    64 bytes from 10.10.11.196: icmp_seq=1 ttl=63 time=43.3 ms
    64 bytes from 10.10.11.196: icmp_seq=2 ttl=63 time=43.5 ms
    64 bytes from 10.10.11.196: icmp_seq=3 ttl=63 time=43.3 ms
    --- 10.10.11.196 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 43.315/43.389/43.527/0.097 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

June 24, 2023 · 9 min

Hack The Box: Escape

Description: Escape is a medium Hack The Box machine that features: PDF file in an accessible SMB share reveals MSSQL credentials; MSSQL service account NTLM hash capture and cracking to elevate privileges; User Pivoting by leaked credentials in a log file; Privilege Escalation via impersonating the Administrator user using the ESC1 vulnerability in Certificate Templates used in Active Directory Certificate Services.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.202. ...

June 17, 2023 · 11 min

Hack The Box: Soccer

Description: Soccer is an easy Hack The Box machine that features: Directory Enumeration; Use of Default Credentials; Remote Code Execution; VHOST Discovery; SQL Injection over WebSocket; Sensitive Data Exposure; DOAS Privilege Escalation.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.194.

    $ ping -c 3 10.10.11.194
    PING 10.10.11.194 (10.10.11.194) 56(84) bytes of data.
    64 bytes from 10.10.11.194: icmp_seq=1 ttl=63 time=44.3 ms
    64 bytes from 10.10.11.194: icmp_seq=2 ttl=63 time=43.3 ms
    64 bytes from 10.10.11.194: icmp_seq=3 ttl=63 time=43.7 ms
    --- 10.10.11.194 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 43.340/43.755/44.276/0.389 ms

The machine is active, and the TTL of 63 (64 minus 1 hop) tells us that it is a Unix machine. Next, we run an Nmap TCP SYN port scan to check all open ports. ...

June 10, 2023 · 9 min

Hack The Box: TwoMillion

Description: TwoMillion is an easy Hack The Box machine that features: Invite Code generation to register in a web application; API enumeration to change a normal user into an administrator; Command Injection in an API used to generate VPN connection files; User Pivoting by using reused credentials found in an environment file; Privilege Escalation via an OverlayFS Linux Kernel vulnerability.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.221. ...

June 7, 2023 · 9 min

Hack The Box: Bagel

Description: Bagel is a medium Hack The Box machine that features: Path Traversal in a web application allows reading the web source code, discovering a NetCore application with a WebSocket on another port; Reverse Engineering of the NetCore application leads to the discovery of credentials and an insecure deserialization vulnerability; Insecure Deserialization vulnerability allows reading the content of the private SSH key of a user; User Pivoting by using the previously leaked credential; Privilege Escalation by creating a command execution NetCore application allowed to be executed by the root user.

Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.10.11.201. ...

June 3, 2023 · 9 min