Description Hospital is a medium Hack The Box machine that features: Arbitrary File Upload, Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640 Shadow File Hash Cracking with John the Ripper Password Reuse GhostScript CVE-2023-36664 Command Injection vulnerability Privilege Escalation via a Misconfigured Apache running as System User Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.164.203. ...

Description Codify is an easy Hack The Box machine that features: Sandbox Escape in NodeJS vm2 Library Password Hash from a Database Cracking Password Reuse Escalation via a Bash Pattern Matching Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.151.136. $ ping -c 3 10.129.151.136 PING 10.129.151.136 (10.129.151.136) 56(84) bytes of data. 64 bytes from 10.129.151.136: icmp_seq=1 ttl=63 time=44.2 ms 64 bytes from 10.129.151.136: icmp_seq=2 ttl=63 time=42.6 ms 64 bytes from 10.129.151.136: icmp_seq=3 ttl=63 time=42.8 ms --- 10.129.151.136 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.646/43.207/44.205/0.707 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ Kali Linux is a security auditing Linux distribution based on Debian GNU/Linux. Kali is aimed at security professionals and IT administrators, allowing them to perform advanced penetration testing, forensic analysis, and security audits. Debian GNU/Linux is one of the main generic Linux distributions, known for its quality and stability. Kali Linux is based on the work of the Debian project and adds over 400 special purpose packages of its own, all related to information security, particularly in the field of penetration testing. The default ISO images can be downloaded from the Kali website.️ ...

Description Analytics is an easy Hack The Box machine that features: Vulnerable Metabase Remote Command Execution Sensitive Data Exposure in a Docker Container Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640 Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.233. $ ping -c 3 10.10.11.233 PING 10.10.11.233 (10.10.11.233) 56(84) bytes of data. 64 bytes from 10.10.11.233: icmp_seq=1 ttl=63 time=42.0 ms 64 bytes from 10.10.11.233: icmp_seq=2 ttl=63 time=51.4 ms 64 bytes from 10.10.11.233: icmp_seq=3 ttl=63 time=134 ms --- 10.10.11.233 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.020/75.700/133.650/41.156 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Manager is a medium Hack The Box machine that features: Active Directory Enumeration Use of Weak Passwords Sensitive Data Exposure AD CS Domain Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.236. $ ping -c 3 10.10.11.236 PING 10.10.11.236 (10.10.11.236) 56(84) bytes of data. 64 bytes from 10.10.11.236: icmp_seq=1 ttl=127 time=43.8 ms 64 bytes from 10.10.11.236: icmp_seq=2 ttl=127 time=42.3 ms 64 bytes from 10.10.11.236: icmp_seq=3 ttl=127 time=43.3 ms --- 10.10.11.236 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 42.294/43.131/43.766/0.617 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description CozyHosting is an easy Hack The Box machine that features: Misconfigured Spring Application Command Injection Sensitive Data Exposure Password Hash Crack Privilege Escalation via a vulnerable command Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.208. $ ping -c 3 10.10.11.230 PING 10.10.11.230 (10.10.11.230) 56(84) bytes of data. 64 bytes from 10.10.11.230: icmp_seq=1 ttl=63 time=42.5 ms 64 bytes from 10.10.11.230: icmp_seq=2 ttl=63 time=42.2 ms 64 bytes from 10.10.11.230: icmp_seq=3 ttl=63 time=42.4 ms --- 10.10.11.230 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.185/42.372/42.541/0.145 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ NXDN (Next Generation Digital Narrowband) is a digital radio standard developed jointly by Icom and Kenwood in Japan. It was designed for voice and data communications in bidirectional radio environments, such as mobile and portable radio communication systems used by organizations like emergency services, companies, and government agencies.️ These communications may be sent without encryption or using DES or AES encryption as specified in the NXDN TS 1-D Version 1.3 specification NXDN TS 1-D Version 1.3. In this case we will focus on Scramble encryption, which is defined as follows.️ ...

Description Visual is a medium Hack The Box machine that features: Remote Command Execution via Visual Studio Project Pivoting to the Service account via a Web Service Privilege Escalation via a Token Impersonation using FullPowers and GodPotato tools Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.234. $ ping -c 3 10.10.11.234 PING 10.10.11.234 (10.10.11.234) 56(84) bytes of data. 64 bytes from 10.10.11.234: icmp_seq=1 ttl=127 time=40.9 ms 64 bytes from 10.10.11.234: icmp_seq=2 ttl=127 time=40.7 ms 64 bytes from 10.10.11.234: icmp_seq=3 ttl=127 time=40.8 ms --- 10.10.11.234 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 40.695/40.781/40.881/0.076 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Builder is a medium Hack The Box machine that features: Jenkins vulnerability allowing reading file system files leaking user credential Privilege Escalation via a stored SSH key from the root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.10. $ ping -c 3 10.10.11.10 PING 10.10.11.10 (10.10.11.10) 56(84) bytes of data. 64 bytes from 10.10.11.10: icmp_seq=1 ttl=63 time=117 ms 64 bytes from 10.10.11.10: icmp_seq=2 ttl=63 time=117 ms 64 bytes from 10.10.11.10: icmp_seq=3 ttl=63 time=117 ms --- 10.10.11.10 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 116.574/116.621/116.648/0.033 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Keeper is an easy Hack The Box machine that features: Use of Default Credentials Sensitive Data Exposure KeePass Vault Password Recovery via a Memory Dump Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.227. $ ping -c 3 10.10.11.227 PING 10.10.11.227 (10.10.11.227) 56(84) bytes of data. 64 bytes from 10.10.11.227: icmp_seq=1 ttl=63 time=233 ms 64 bytes from 10.10.11.227: icmp_seq=2 ttl=63 time=61.1 ms 64 bytes from 10.10.11.227: icmp_seq=3 ttl=63 time=51.7 ms --- 10.10.11.227 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 51.715/115.171/232.728/83.212 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...