Hack the Box

Description Sau is an easy Hack The Box machine that features: Server-Side Request Forgery Unauthenticated OS Command Injection Systemctl Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.224. $ ping -c 3 10.10.11.224 PING 10.10.11.224 (10.10.11.224) 56(84) bytes of data. 64 bytes from 10.10.11.224: icmp_seq=1 ttl=63 time=39.3 ms 64 bytes from 10.10.11.224: icmp_seq=2 ttl=63 time=39.7 ms 64 bytes from 10.10.11.224: icmp_seq=3 ttl=63 time=39.3 ms --- 10.10.11.224 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 39.312/39.445/39.708/0.185 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Authority is a medium Hack The Box machine that features: PWM user credentials recovery via the decryption of Ansible playbooks LDAP user password recovery by testing a connection using PWM application to our own server Privilege Escalation via ADCS ESC1 template vulnerability and LDAP shell commands Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.222. ...

Description Pilgrimage is an easy Hack The Box machine that features: Web Server File Enumeration Git Repository Exposure ImageMagick Arbitrary File Read Vulnerability Sensitive Data Exposure Privilege Escalation through Binwalk Remote Command Execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.219. $ ping -c 3 10.10.11.219 PING 10.10.11.219 (10.10.11.219) 56(84) bytes of data. 64 bytes from 10.10.11.219: icmp_seq=1 ttl=63 time=49.7 ms 64 bytes from 10.10.11.219: icmp_seq=2 ttl=63 time=50.4 ms 64 bytes from 10.10.11.219: icmp_seq=3 ttl=63 time=50.4 ms --- 10.10.11.219 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.718/50.178/50.410/0.325 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Sandworm is a medium Hack The Box machine that features: Flask web application vulnerable to Server Side Template Injection leading to Remote Command Execution User Pivoting by using leaked and re-used httpie credentials User Pivoting by infecting a Rust dependency administrated by Cargo package manager Privilege Escalation by using firejail vulnerability allowing running set-uid binaries Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.218. ...

Description Broker is an easy Hack The Box machine that features: ActiveMQ Remote Command Execution vulnerability Privilege Escalation via nginx web server executed as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.243. $ ping -c 3 10.10.11.243 PING 10.10.11.243 (10.10.11.243) 56(84) bytes of data. 64 bytes from 10.10.11.243: icmp_seq=1 ttl=63 time=123 ms 64 bytes from 10.10.11.243: icmp_seq=2 ttl=63 time=122 ms 64 bytes from 10.10.11.243: icmp_seq=3 ttl=63 time=122 ms --- 10.10.11.243 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 122.114/122.682/123.477/0.579 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Topology is an easy Hack The Box machine that features: VHOST Enumeration LaTeX command injection Sensitive Data Exposure Apache Password Hash Cracking Privilege Escalation via Gnuplot Cron job Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.217. $ ping -c 3 10.10.11.217 PING 10.10.11.217 (10.10.11.217) 56(84) bytes of data. 64 bytes from 10.10.11.217: icmp_seq=1 ttl=63 time=49.6 ms 64 bytes from 10.10.11.217: icmp_seq=2 ttl=63 time=50.5 ms 64 bytes from 10.10.11.217: icmp_seq=3 ttl=63 time=49.1 ms --- 10.10.11.217 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.127/49.749/50.485/0.560 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description PC is an easy Hack The Box machine that features: gRPC enumeration SQL Injection over gRPC Sensitive Data Exposure PyLoad Vulnerability Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.214. $ ping -c 3 10.10.11.214 PING 10.10.11.214 (10.10.11.214) 56(84) bytes of data. 64 bytes from 10.10.11.214: icmp_seq=1 ttl=63 time=44.1 ms 64 bytes from 10.10.11.214: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.214: icmp_seq=3 ttl=63 time=43.4 ms --- 10.10.11.214 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 43.448/43.806/44.133/0.280 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Jupiter is a medium Hack The Box machine that features: Subdomain Enumeration to find an opened Grafana dashboard SQL Injection in Grafana due to use raw PostgreSQL queries leading to Remote Command Execution User Pivoting by interacting with Cron job executed by another user User Pivoting by using the Jupiter Notebook ran by another user leading Privilege Escalation by exploiting a custom binary ability of downloading and creating files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.216. ...

Description Format is a medium Hack The Box machine that features: Local File Inclusion and File Writing vulnerability in PHP application Nginx proxy_pass directive allows writing to a Redis socket User Pivoting via a password retrieve from the Redis database Privilege Escalation via Python variable printing with a custom license generator Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.213. ...

Description Aero is a medium Hack The Box machine that features: Windows Themes vulnerability allowing Remote Command Execution Privilege Escalation via Common Log File System vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.237. $ ping -c 3 10.10.11.237 PING 10.10.11.237 (10.10.11.237) 56(84) bytes of data. 64 bytes from 10.10.11.237: icmp_seq=1 ttl=127 time=118 ms 64 bytes from 10.10.11.237: icmp_seq=2 ttl=127 time=118 ms 64 bytes from 10.10.11.237: icmp_seq=3 ttl=127 time=118 ms --- 10.10.11.237 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 118.253/118.306/118.400/0.066 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...