Hack the Box

Description Manager is a medium Hack The Box machine that features: Active Directory Enumeration Use of Weak Passwords Sensitive Data Exposure AD CS Domain Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.236. $ ping -c 3 10.10.11.236 PING 10.10.11.236 (10.10.11.236) 56(84) bytes of data. 64 bytes from 10.10.11.236: icmp_seq=1 ttl=127 time=43.8 ms 64 bytes from 10.10.11.236: icmp_seq=2 ttl=127 time=42.3 ms 64 bytes from 10.10.11.236: icmp_seq=3 ttl=127 time=43.3 ms --- 10.10.11.236 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 42.294/43.131/43.766/0.617 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description CozyHosting is an easy Hack The Box machine that features: Misconfigured Spring Application Command Injection Sensitive Data Exposure Password Hash Crack Privilege Escalation via a vulnerable command Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.208. $ ping -c 3 10.10.11.230 PING 10.10.11.230 (10.10.11.230) 56(84) bytes of data. 64 bytes from 10.10.11.230: icmp_seq=1 ttl=63 time=42.5 ms 64 bytes from 10.10.11.230: icmp_seq=2 ttl=63 time=42.2 ms 64 bytes from 10.10.11.230: icmp_seq=3 ttl=63 time=42.4 ms --- 10.10.11.230 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.185/42.372/42.541/0.145 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Visual is a medium Hack The Box machine that features: Remote Command Execution via Visual Studio Project Pivoting to the Service account via a Web Service Privilege Escalation via a Token Impersonation using FullPowers and GodPotato tools Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.234. $ ping -c 3 10.10.11.234 PING 10.10.11.234 (10.10.11.234) 56(84) bytes of data. 64 bytes from 10.10.11.234: icmp_seq=1 ttl=127 time=40.9 ms 64 bytes from 10.10.11.234: icmp_seq=2 ttl=127 time=40.7 ms 64 bytes from 10.10.11.234: icmp_seq=3 ttl=127 time=40.8 ms --- 10.10.11.234 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 40.695/40.781/40.881/0.076 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Builder is a medium Hack The Box machine that features: Jenkins vulnerability allowing reading file system files leaking user credential Privilege Escalation via a stored SSH key from the root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.10. $ ping -c 3 10.10.11.10 PING 10.10.11.10 (10.10.11.10) 56(84) bytes of data. 64 bytes from 10.10.11.10: icmp_seq=1 ttl=63 time=117 ms 64 bytes from 10.10.11.10: icmp_seq=2 ttl=63 time=117 ms 64 bytes from 10.10.11.10: icmp_seq=3 ttl=63 time=117 ms --- 10.10.11.10 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 116.574/116.621/116.648/0.033 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Keeper is an easy Hack The Box machine that features: Use of Default Credentials Sensitive Data Exposure KeePass Vault Password Recovery via a Memory Dump Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.227. $ ping -c 3 10.10.11.227 PING 10.10.11.227 (10.10.11.227) 56(84) bytes of data. 64 bytes from 10.10.11.227: icmp_seq=1 ttl=63 time=233 ms 64 bytes from 10.10.11.227: icmp_seq=2 ttl=63 time=61.1 ms 64 bytes from 10.10.11.227: icmp_seq=3 ttl=63 time=51.7 ms --- 10.10.11.227 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 51.715/115.171/232.728/83.212 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Clicker is a medium Hack The Box machine that features: SQL Injection in web application leading to Remote Command Execution after injecting PHP code User Pivoting by reversing the functionality of a custom binary Privilege Escalation by retrieving the root private SSH key using a XXE vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.232. ...

Description Zipping is a medium Hack The Box machine that features: SQL Injection in web application allowing reading source code and file writing Source code enumerating leads to the discovery of a Local File Inclusion vulnerability Previous vulnerabilities allowing Remote Command Execution Privilege Escalation via a malicious library loaded from a binary allowed to run with SUDO Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.229. ...

Description Sau is an easy Hack The Box machine that features: Server-Side Request Forgery Unauthenticated OS Command Injection Systemctl Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.224. $ ping -c 3 10.10.11.224 PING 10.10.11.224 (10.10.11.224) 56(84) bytes of data. 64 bytes from 10.10.11.224: icmp_seq=1 ttl=63 time=39.3 ms 64 bytes from 10.10.11.224: icmp_seq=2 ttl=63 time=39.7 ms 64 bytes from 10.10.11.224: icmp_seq=3 ttl=63 time=39.3 ms --- 10.10.11.224 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 39.312/39.445/39.708/0.185 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Authority is a medium Hack The Box machine that features: PWM user credentials recovery via the decryption of Ansible playbooks LDAP user password recovery by testing a connection using PWM application to our own server Privilege Escalation via ADCS ESC1 template vulnerability and LDAP shell commands Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.222. ...

Description Pilgrimage is an easy Hack The Box machine that features: Web Server File Enumeration Git Repository Exposure ImageMagick Arbitrary File Read Vulnerability Sensitive Data Exposure Privilege Escalation through Binwalk Remote Command Execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.219. $ ping -c 3 10.10.11.219 PING 10.10.11.219 (10.10.11.219) 56(84) bytes of data. 64 bytes from 10.10.11.219: icmp_seq=1 ttl=63 time=49.7 ms 64 bytes from 10.10.11.219: icmp_seq=2 ttl=63 time=50.4 ms 64 bytes from 10.10.11.219: icmp_seq=3 ttl=63 time=50.4 ms --- 10.10.11.219 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.718/50.178/50.410/0.325 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...