Introduction️ Nordic nRF51 is a series of system-on-a-chip (SoC) developed by Nordic Semiconductor. These chips are designed specifically for low power and low energy applications in the field of wireless connectivity. The nRF51 series includes several models, such as the nRF51822 and the nRF51802, among others.️ These chips are widely used in low-power devices, such as wearables, IoT sensors (Internet of Things), health devices, and other devices that require efficient connectivity and minimal energy consumption. In the case that we need to perform a reverse engineering analysis on some of these devices it will be necessary to obtain a copy of the firmware from the chip itself of the device.️ ...

Description Clicker is a medium Hack The Box machine that features: SQL Injection in web application leading to Remote Command Execution after injecting PHP code User Pivoting by reversing the functionality of a custom binary Privilege Escalation by retrieving the root private SSH key using a XXE vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.232. ...

Description Zipping is a medium Hack The Box machine that features: SQL Injection in web application allowing reading source code and file writing Source code enumerating leads to the discovery of a Local File Inclusion vulnerability Previous vulnerabilities allowing Remote Command Execution Privilege Escalation via a malicious library loaded from a binary allowed to run with SUDO Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.229. ...

Description Sau is an easy Hack The Box machine that features: Server-Side Request Forgery Unauthenticated OS Command Injection Systemctl Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.224. $ ping -c 3 10.10.11.224 PING 10.10.11.224 (10.10.11.224) 56(84) bytes of data. 64 bytes from 10.10.11.224: icmp_seq=1 ttl=63 time=39.3 ms 64 bytes from 10.10.11.224: icmp_seq=2 ttl=63 time=39.7 ms 64 bytes from 10.10.11.224: icmp_seq=3 ttl=63 time=39.3 ms --- 10.10.11.224 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 39.312/39.445/39.708/0.185 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ Remote controls by infrared (IR) are electronic devices that use infrared signals to communicate with other electronic devices, such as televisions or air conditioners. The basic operation of an IR remote control is based on the emission of infrared signals from the remote towards an infrared receiver in the device being controlled.️ These signals contain specific codes that are interpreted by the receiving device, causing the corresponding action to be executed, such as turning the device on and off, changing channels, or adjusting volume. The infrared signals generated by the IR LED are modulated, meaning the light intensity is periodically modified according to a specific pattern. This modulation pattern is unique for each button or function on the remote control.️ ...

Description Authority is a medium Hack The Box machine that features: PWM user credentials recovery via the decryption of Ansible playbooks LDAP user password recovery by testing a connection using PWM application to our own server Privilege Escalation via ADCS ESC1 template vulnerability and LDAP shell commands Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.222. ...

Introduction️ One of the phases of dynamic analysis of Android applications is the interception of connections made by the application to remote servers. In the case that they use the HTTP protocol can be easily intercepted and manipulated with a proxy server since the protocol does not use encryption. But in the case that it uses the HTTPS protocol we will need to install an SSL certificate from a Certification Authority on our device since the connection will be encrypted with this one. Additionally, some applications use the technique of SSL Pinning, which consists in trusting only certain embedded certificates in the application.️ ...

Description Pilgrimage is an easy Hack The Box machine that features: Web Server File Enumeration Git Repository Exposure ImageMagick Arbitrary File Read Vulnerability Sensitive Data Exposure Privilege Escalation through Binwalk Remote Command Execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.219. $ ping -c 3 10.10.11.219 PING 10.10.11.219 (10.10.11.219) 56(84) bytes of data. 64 bytes from 10.10.11.219: icmp_seq=1 ttl=63 time=49.7 ms 64 bytes from 10.10.11.219: icmp_seq=2 ttl=63 time=50.4 ms 64 bytes from 10.10.11.219: icmp_seq=3 ttl=63 time=50.4 ms --- 10.10.11.219 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.718/50.178/50.410/0.325 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Sandworm is a medium Hack The Box machine that features: Flask web application vulnerable to Server Side Template Injection leading to Remote Command Execution User Pivoting by using leaked and re-used httpie credentials User Pivoting by infecting a Rust dependency administrated by Cargo package manager Privilege Escalation by using firejail vulnerability allowing running set-uid binaries Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.218. ...

Description Broker is an easy Hack The Box machine that features: ActiveMQ Remote Command Execution vulnerability Privilege Escalation via nginx web server executed as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.243. $ ping -c 3 10.10.11.243 PING 10.10.11.243 (10.10.11.243) 56(84) bytes of data. 64 bytes from 10.10.11.243: icmp_seq=1 ttl=63 time=123 ms 64 bytes from 10.10.11.243: icmp_seq=2 ttl=63 time=122 ms 64 bytes from 10.10.11.243: icmp_seq=3 ttl=63 time=122 ms --- 10.10.11.243 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 122.114/122.682/123.477/0.579 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...