Hack the Box

Description Format is a medium Hack The Box machine that features: Local File Inclusion and File Writing vulnerability in PHP application Nginx proxy_pass directive allows writing to a Redis socket User Pivoting via a password retrieve from the Redis database Privilege Escalation via Python variable printing with a custom license generator Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.213. ...

Description Aero is a medium Hack The Box machine that features: Windows Themes vulnerability allowing Remote Command Execution Privilege Escalation via Common Log File System vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.237. $ ping -c 3 10.10.11.237 PING 10.10.11.237 (10.10.11.237) 56(84) bytes of data. 64 bytes from 10.10.11.237: icmp_seq=1 ttl=127 time=118 ms 64 bytes from 10.10.11.237: icmp_seq=2 ttl=127 time=118 ms 64 bytes from 10.10.11.237: icmp_seq=3 ttl=127 time=118 ms --- 10.10.11.237 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 118.253/118.306/118.400/0.066 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Wifinetic is an easy Hack The Box machine that features: Anonymous FTP server allows retrieving credentials and a backup of a configuration of OpenWRT Privilege Escalation via a recovery of a Wi-Fi password by a vulnerability of the Wi-Fi protocol Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.247. $ ping -c 3 10.10.11.247 PING 10.10.11.247 (10.10.11.247) 56(84) bytes of data. 64 bytes from 10.10.11.247: icmp_seq=1 ttl=63 time=51.0 ms 64 bytes from 10.10.11.247: icmp_seq=2 ttl=63 time=56.6 ms 64 bytes from 10.10.11.247: icmp_seq=3 ttl=63 time=55.1 ms --- 10.10.11.247 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 50.966/54.204/56.583/2.372 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description MonitorsTwo is an easy Hack The Box machine that features: Remote Command Execution Sensitive Data Exposure Hash Cracking Misconfigured Docker and SUID Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.211. $ ping -c 3 10.10.11.211 PING 10.10.11.211 (10.10.11.211) 56(84) bytes of data. 64 bytes from 10.10.11.211: icmp_seq=1 ttl=63 time=42.8 ms 64 bytes from 10.10.11.211: icmp_seq=2 ttl=63 time=44.7 ms 64 bytes from 10.10.11.211: icmp_seq=3 ttl=63 time=43.5 ms --- 10.10.11.211 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.750/43.657/44.715/0.809 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description OnlyForYou is a medium Hack The Box machine that features: Local File Inclusion in Python web application revealing source code of other application Main web application vulnerable to Command Injection Internal service discovery and Cypher Neo4j injection to obtain credentials for user pivoting Privilege Escalation via an user allowed to run pip3 download command with command execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.210. ...

Description Busqueda is an easy Hack The Box machine that features: Arbitrary Code Execution via Unsanitized Python Eval Sensitive Data Exposure VHOST Discover Bypassing Paths of Python File Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.208. $ ping -c 3 10.10.11.208 PING 10.10.11.208 (10.10.11.208) 56(84) bytes of data. 64 bytes from 10.10.11.208: icmp_seq=1 ttl=63 time=43.8 ms 64 bytes from 10.10.11.208: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.208: icmp_seq=3 ttl=63 time=43.3 ms --- 10.10.11.208 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.335/43.657/43.843/0.229 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Agile is a medium Hack The Box machine that features: Path Traversal in web application with Werkzeug debug activated leading to Remote Command Execution User Pivoting by leaked credentials in the password database User Pivoting by watching and interacting with Selenium session Privilege Escalation via a modification of the Python virtualenv initialization script with a SUDO vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.203. ...

Description Socket is a medium Hack The Box machine that features: Reverse Engineering and PyInstaller decompiling to discover Python code SQL Injection to a WebSocket endpoint revealing credentials Reused credentials and SSH login Privilege Escalation via a PyInstaller build script that allow extracting sensitive files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.206. ...

Description Inject is an easy Hack The Box machine that features: Local File Inclusion Remote Command Execution Sensitive Data Exposure Ansible Playbook Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.204. $ ping -c 3 10.10.11.204 PING 10.10.11.204 (10.10.11.204) 56(84) bytes of data. 64 bytes from 10.10.11.204: icmp_seq=1 ttl=63 time=46.8 ms 64 bytes from 10.10.11.204: icmp_seq=2 ttl=63 time=44.3 ms 64 bytes from 10.10.11.204: icmp_seq=3 ttl=63 time=43.9 ms --- 10.10.11.204 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.861/44.977/46.769/1.279 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Stocker is an easy Hack The Box machine that features: VHOST Enumeration NoSQL injection Server Side XSS (Dynamic PDF) Sensitive Data Exposure Sudo Execution Bypassing Paths Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.196. $ ping -c 3 10.10.11.196 PING 10.10.11.196 (10.10.11.196) 56(84) bytes of data. 64 bytes from 10.10.11.196: icmp_seq=1 ttl=63 time=43.3 ms 64 bytes from 10.10.11.196: icmp_seq=2 ttl=63 time=43.5 ms 64 bytes from 10.10.11.196: icmp_seq=3 ttl=63 time=43.3 ms --- 10.10.11.196 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.315/43.389/43.527/0.097 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...