Introduction️ One of the phases of dynamic analysis of Android applications is the interception of connections made by the application to remote servers. In the case that they use the HTTP protocol can be easily intercepted and manipulated with a proxy server since the protocol does not use encryption. But in the case that it uses the HTTPS protocol we will need to install an SSL certificate from a Certification Authority on our device since the connection will be encrypted with this one. Additionally, some applications use the technique of SSL Pinning, which consists in trusting only certain embedded certificates in the application.️ ...

Description Pilgrimage is an easy Hack The Box machine that features: Web Server File Enumeration Git Repository Exposure ImageMagick Arbitrary File Read Vulnerability Sensitive Data Exposure Privilege Escalation through Binwalk Remote Command Execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.219. $ ping -c 3 10.10.11.219 PING 10.10.11.219 (10.10.11.219) 56(84) bytes of data. 64 bytes from 10.10.11.219: icmp_seq=1 ttl=63 time=49.7 ms 64 bytes from 10.10.11.219: icmp_seq=2 ttl=63 time=50.4 ms 64 bytes from 10.10.11.219: icmp_seq=3 ttl=63 time=50.4 ms --- 10.10.11.219 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.718/50.178/50.410/0.325 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Sandworm is a medium Hack The Box machine that features: Flask web application vulnerable to Server Side Template Injection leading to Remote Command Execution User Pivoting by using leaked and re-used httpie credentials User Pivoting by infecting a Rust dependency administrated by Cargo package manager Privilege Escalation by using firejail vulnerability allowing running set-uid binaries Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.218. ...

Description Broker is an easy Hack The Box machine that features: ActiveMQ Remote Command Execution vulnerability Privilege Escalation via nginx web server executed as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.243. $ ping -c 3 10.10.11.243 PING 10.10.11.243 (10.10.11.243) 56(84) bytes of data. 64 bytes from 10.10.11.243: icmp_seq=1 ttl=63 time=123 ms 64 bytes from 10.10.11.243: icmp_seq=2 ttl=63 time=122 ms 64 bytes from 10.10.11.243: icmp_seq=3 ttl=63 time=122 ms --- 10.10.11.243 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 122.114/122.682/123.477/0.579 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Topology is an easy Hack The Box machine that features: VHOST Enumeration LaTeX command injection Sensitive Data Exposure Apache Password Hash Cracking Privilege Escalation via Gnuplot Cron job Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.217. $ ping -c 3 10.10.11.217 PING 10.10.11.217 (10.10.11.217) 56(84) bytes of data. 64 bytes from 10.10.11.217: icmp_seq=1 ttl=63 time=49.6 ms 64 bytes from 10.10.11.217: icmp_seq=2 ttl=63 time=50.5 ms 64 bytes from 10.10.11.217: icmp_seq=3 ttl=63 time=49.1 ms --- 10.10.11.217 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.127/49.749/50.485/0.560 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ To perform a security audit of an Android application, it is necessary to create a customized environment, which can be based on a physical device or an emulator. For most cases, an emulator will suffice. In this article we will create a virtual machine for Android in x86_64 architecture, and modify it by installing Magisk, to obtain superuser permissions and install modules, and install some applications.️ Installing the Android Emulator For the Android emulator, we have chosen the official Android IDE, Android Studio, which includes support for Android Virtual Devices (AVD). To install the IDE, simply go to its official website and download the installer by accepting the license terms. During the installation process, when selecting the components to install, we will deselect the option Android Virtual Device, as we will configure it later. In this case, we will install the IDE in our Documents directory.️ ...

Description PC is an easy Hack The Box machine that features: gRPC enumeration SQL Injection over gRPC Sensitive Data Exposure PyLoad Vulnerability Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.214. $ ping -c 3 10.10.11.214 PING 10.10.11.214 (10.10.11.214) 56(84) bytes of data. 64 bytes from 10.10.11.214: icmp_seq=1 ttl=63 time=44.1 ms 64 bytes from 10.10.11.214: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.214: icmp_seq=3 ttl=63 time=43.4 ms --- 10.10.11.214 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 43.448/43.806/44.133/0.280 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Jupiter is a medium Hack The Box machine that features: Subdomain Enumeration to find an opened Grafana dashboard SQL Injection in Grafana due to use raw PostgreSQL queries leading to Remote Command Execution User Pivoting by interacting with Cron job executed by another user User Pivoting by using the Jupiter Notebook ran by another user leading Privilege Escalation by exploiting a custom binary ability of downloading and creating files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.216. ...

Introduction️ Firebase Firestore is a NoSQL cloud database provided by Google as part of the Firebase platform that allows developers to store, synchronize and query data in real-time for web, mobile and server applications. Data are organized into individual documents grouped into collections. Each document is a JSON data structure containing key-value pairs.️ Regarding the possible security issues that could be left unprotected by a project that uses Firebase Firestore, here are some points to consider: ...

Description Format is a medium Hack The Box machine that features: Local File Inclusion and File Writing vulnerability in PHP application Nginx proxy_pass directive allows writing to a Redis socket User Pivoting via a password retrieve from the Redis database Privilege Escalation via Python variable printing with a custom license generator Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.213. ...