Hack The Box: Aero

Description

Aero is a medium Hack The Box machine that features:
- Windows Themes vulnerability allowing Remote Command Execution
- Privilege Escalation via Common Log File System vulnerability

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.237.

$ ping -c 3 10.10.11.237
PING 10.10.11.237 (10.10.11.237) 56(84) bytes of data.
64 bytes from 10.10.11.237: icmp_seq=1 ttl=127 time=118 ms
64 bytes from 10.10.11.237: icmp_seq=2 ttl=127 time=118 ms
64 bytes from 10.10.11.237: icmp_seq=3 ttl=127 time=118 ms

--- 10.10.11.237 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 118.253/118.306/118.400/0.066 ms

The machine is active, and since the TTL is 127 (128 minus 1 hop) we can infer that it is a Windows machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

September 28, 2023 · 6 min

Hack The Box: Wifinetic

Description

Wifinetic is an easy Hack The Box machine that features:
- Anonymous FTP server that allows retrieving credentials and a backup of an OpenWRT configuration
- Privilege Escalation via recovery of a Wi-Fi password through a vulnerability in the Wi-Fi protocol

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.247.

$ ping -c 3 10.10.11.247
PING 10.10.11.247 (10.10.11.247) 56(84) bytes of data.
64 bytes from 10.10.11.247: icmp_seq=1 ttl=63 time=51.0 ms
64 bytes from 10.10.11.247: icmp_seq=2 ttl=63 time=56.6 ms
64 bytes from 10.10.11.247: icmp_seq=3 ttl=63 time=55.1 ms

--- 10.10.11.247 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 50.966/54.204/56.583/2.372 ms

The machine is active, and since the TTL is 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

September 13, 2023 · 6 min

Hack The Box: MonitorsTwo

Description

MonitorsTwo is an easy Hack The Box machine that features:
- Remote Command Execution
- Sensitive Data Exposure
- Hash Cracking
- Misconfigured Docker and SUID Privilege Escalation

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.211.

$ ping -c 3 10.10.11.211
PING 10.10.11.211 (10.10.11.211) 56(84) bytes of data.
64 bytes from 10.10.11.211: icmp_seq=1 ttl=63 time=42.8 ms
64 bytes from 10.10.11.211: icmp_seq=2 ttl=63 time=44.7 ms
64 bytes from 10.10.11.211: icmp_seq=3 ttl=63 time=43.5 ms

--- 10.10.11.211 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 42.750/43.657/44.715/0.809 ms

The machine is active, and since the TTL is 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

September 2, 2023 · 9 min

Auto BO - Automated Buffer Overflow

Introduction

A buffer overflow is a security vulnerability in software that occurs when more data is written into a memory area (buffer) than it can hold. This situation may allow an attacker to overwrite adjacent data in memory, which can lead to the execution of malicious code or to an alteration of the program's control flow. When a program does not verify the amount of data written into a buffer, it risks an attacker exploiting this weakness to inject code, overwrite important information or even take control of the system. Preventing buffer overflows relies on good programming practices and on security techniques such as input validation and bounds checking. ...

September 1, 2023 · 9 min

Hack The Box: OnlyForYou

Description

OnlyForYou is a medium Hack The Box machine that features:
- Local File Inclusion in a Python web application revealing the source code of another application
- Main web application vulnerable to Command Injection
- Internal service discovery and Cypher (Neo4j) injection to obtain credentials for user pivoting
- Privilege Escalation via a user allowed to run the pip3 download command, which leads to command execution

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.210. ...

August 26, 2023 · 12 min

Hack The Box: Busqueda

Description

Busqueda is an easy Hack The Box machine that features:
- Arbitrary Code Execution via Unsanitized Python Eval
- Sensitive Data Exposure
- VHOST Discovery
- Privilege Escalation by bypassing the import paths of a Python file

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.208.

$ ping -c 3 10.10.11.208
PING 10.10.11.208 (10.10.11.208) 56(84) bytes of data.
64 bytes from 10.10.11.208: icmp_seq=1 ttl=63 time=43.8 ms
64 bytes from 10.10.11.208: icmp_seq=2 ttl=63 time=43.8 ms
64 bytes from 10.10.11.208: icmp_seq=3 ttl=63 time=43.3 ms

--- 10.10.11.208 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 43.335/43.657/43.843/0.229 ms

The machine is active, and since the TTL is 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

August 12, 2023 · 11 min

Hack The Box: Agile

Description

Agile is a medium Hack The Box machine that features:
- Path Traversal in a web application with the Werkzeug debugger enabled, leading to Remote Command Execution
- User Pivoting via leaked credentials in the password database
- User Pivoting by watching and interacting with a Selenium session
- Privilege Escalation via a modification of the Python virtualenv initialization script through a sudo misconfiguration

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.203. ...

August 5, 2023 · 10 min

Creation of protocols for the Weather Station application of the Flipper Zero

Introduction

Among the capabilities of the Flipper Zero device is the decoding of radio protocols on frequencies below 1 GHz (Sub-GHz). One of the available applications is Weather Station, which decodes signals from temperature and humidity sensors. Thanks to the architecture of the application and the way the code project is organized, it is possible to add new protocols to it. We will add the TWINS protocol, based on ThermoPRO-TX4, and the Polaroid protocol, based on inFactory-TH. We will also see how to compile the application. ...

August 1, 2023 · 12 min

Hack The Box: Socket

Description

Socket is a medium Hack The Box machine that features:
- Reverse Engineering and PyInstaller decompiling to recover Python code
- SQL Injection in a WebSocket endpoint revealing credentials
- Reused credentials and SSH login
- Privilege Escalation via a PyInstaller build script that allows extracting sensitive files

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.206. ...

July 15, 2023 · 10 min

Hack The Box: Inject

Description

Inject is an easy Hack The Box machine that features:
- Local File Inclusion
- Remote Command Execution
- Sensitive Data Exposure
- Ansible Playbook Privilege Escalation

Footprinting

First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.10.11.204.

$ ping -c 3 10.10.11.204
PING 10.10.11.204 (10.10.11.204) 56(84) bytes of data.
64 bytes from 10.10.11.204: icmp_seq=1 ttl=63 time=46.8 ms
64 bytes from 10.10.11.204: icmp_seq=2 ttl=63 time=44.3 ms
64 bytes from 10.10.11.204: icmp_seq=3 ttl=63 time=43.9 ms

--- 10.10.11.204 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 43.861/44.977/46.769/1.279 ms

The machine is active, and since the TTL is 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

July 8, 2023 · 7 min