Dynamic Analysis in Android - III - Removal of application restrictions

Introduction. Various applications in banking or public-administration environments contain restrictions that prevent them from running on Android devices that have been altered, for example after installing Magisk and obtaining superuser (root) permissions, after unlocking the bootloader, or when they run in an emulator rather than on a real device; all of this is intended to hinder analysis. In an example application we will have to remove those restrictions from the application's code. One option is to unpack the application and modify the .smali code, a low-level but human-readable text representation of the Dalvik bytecode. For this, we will first extract the application's APK file and decompile its source code with the JADX tool. ...

August 1, 2024 · 6 min

Hack The Box: WifineticTwo

Description. WifineticTwo is a medium Hack The Box machine that features: Remote Command Execution in the OpenPLC 3 application; Wi-Fi password recovery using the WPS protocol and the Reaver tool.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.107.4.
$ ping -c 3 10.129.107.4
PING 10.129.107.4 (10.129.107.4) 56(84) bytes of data.
64 bytes from 10.129.107.4: icmp_seq=1 ttl=63 time=47.2 ms
64 bytes from 10.129.107.4: icmp_seq=2 ttl=63 time=46.7 ms
64 bytes from 10.129.107.4: icmp_seq=3 ttl=63 time=59.1 ms
--- 10.129.107.4 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 46.694/50.990/59.085/5.727 ms
The machine is active, and since the TTL equals 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

July 27, 2024 · 10 min

Hack The Box: Headless

Description. Headless is an easy Hack The Box machine that features: Cross-Site Scripting (XSS) in a User-Agent field to steal cookies; Command Injection in a form; Privilege Escalation via a vulnerable script executed with the sudo command.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.248.249.
$ ping -c 3 10.129.248.249
PING 10.129.248.249 (10.129.248.249) 56(84) bytes of data.
64 bytes from 10.129.248.249: icmp_seq=1 ttl=63 time=48.2 ms
64 bytes from 10.129.248.249: icmp_seq=2 ttl=63 time=48.7 ms
64 bytes from 10.129.248.249: icmp_seq=3 ttl=63 time=48.4 ms
--- 10.129.248.249 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 48.160/48.421/48.714/0.227 ms
The machine is active, and since the TTL equals 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

July 20, 2024 · 7 min

Hack The Box: Perfection

Description. Perfection is an easy Hack The Box machine that features: a Ruby web application; Server-Side Template Injection (SSTI); Sensitive Data Exposure in a SQLite database; hash cracking using a custom mask; privilege escalation via the previously recovered password and weak permissions.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.144.202.
$ ping -c 3 10.129.144.202
PING 10.129.144.202 (10.129.144.202) 56(84) bytes of data.
64 bytes from 10.129.144.202: icmp_seq=1 ttl=63 time=52.2 ms
64 bytes from 10.129.144.202: icmp_seq=2 ttl=63 time=51.6 ms
64 bytes from 10.129.144.202: icmp_seq=3 ttl=63 time=52.1 ms
--- 10.129.144.202 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 51.565/51.967/52.210/0.286 ms
The machine is active, and since the TTL equals 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

July 6, 2024 · 6 min

UnWebpack - Extract source code from Webpack .map files

Introduction. Webpack is a module bundler for modern JavaScript applications. Its main function is to take modules with their dependencies and generate static assets that represent those modules. Webpack can handle a variety of file types and combine them into a single file, or several files, that are more efficient to serve in a web application. Source maps are files that map the compressed or transformed code (such as the output of compilation and minification with Webpack) back to its original source code. They are extremely useful for debugging, since they let developers see and work with the original code in the browser even though the code actually running has been transformed. ...

July 1, 2024 · 3 min

Hack The Box: Jab

Description. Jab is a medium Hack The Box machine that features: anonymous account creation in a Jabber server; user enumeration in a Jabber server; Windows user enumeration and an ASREPRoast attack to obtain a hash and a password; Sensitive Data Exposure in a Jabber chat; Remote Command Execution using DCOM Exec; Privilege Escalation via cracking the Blowfish hash of an Openfire service password.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.106.86. ...

June 29, 2024 · 9 min

Hack The Box: Crafty

Description. Crafty is an easy Hack The Box machine that features: the Minecraft 1.16.5 Log4j Remote Command Execution vulnerability; Sensitive Data Exposure in a Minecraft plugin; Privilege Escalation via a leaked credential.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.222.13.
$ ping -c 3 10.129.222.13
PING 10.129.222.13 (10.129.222.13) 56(84) bytes of data.
64 bytes from 10.129.222.13: icmp_seq=1 ttl=127 time=42.5 ms
64 bytes from 10.129.222.13: icmp_seq=2 ttl=127 time=46.6 ms
64 bytes from 10.129.222.13: icmp_seq=3 ttl=127 time=43.0 ms
--- 10.129.222.13 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 42.516/44.063/46.626/1.824 ms
The machine is active, and since the TTL equals 127 (128 minus 1 hop) we can infer that it is a Windows machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

June 15, 2024 · 6 min

Hack The Box: Pov

Description. Pov is a medium Hack The Box machine that features: subdomain enumeration; Local File Inclusion in an ASP.NET application; Remote Command Execution using the VIEWSTATE parameter in ASP.NET; Sensitive Data Exposure (another user's credentials) in PowerShell format; Privilege Escalation via the SeDebugPrivilege privilege.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.231.64.
$ ping -c 3 10.129.231.64
PING 10.129.231.64 (10.129.231.64) 56(84) bytes of data.
64 bytes from 10.129.231.64: icmp_seq=1 ttl=127 time=95.5 ms
64 bytes from 10.129.231.64: icmp_seq=2 ttl=127 time=53.0 ms
64 bytes from 10.129.231.64: icmp_seq=3 ttl=127 time=75.1 ms
--- 10.129.231.64 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 52.970/74.506/95.477/17.358 ms
The machine is active, and since the TTL equals 127 (128 minus 1 hop) we can infer that it is a Windows machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

June 8, 2024 · 7 min

Auto blindSQLi - Automated SQL Injection

Introduction. A blind SQL injection is a type of SQL injection attack in which an attacker executes SQL commands against a database without receiving direct feedback about the results of the queries. The attacker can still infer useful information by observing the application's behaviour or its response time. In this case the time-based technique will be used, although there is also a boolean-based one. Here, the attacker introduces a SQL query that makes the database wait a certain time before responding; if the application takes longer to respond, the attacker can infer that the injection was successful. For example, an attacker could try: ...

June 1, 2024 · 7 min

Hack The Box: Bizness

Description. Bizness is an easy Hack The Box machine that features: a vulnerable Apache OFBiz instance with Authentication Bypass and Remote Command Execution; Privilege Escalation via cracking a custom password hash with John the Ripper and password reuse.
Footprinting. First, we are going to check with the ping command whether the machine is active and which operating system it runs. The target machine IP address is 10.129.251.57.
$ ping -c 3 10.129.251.57
PING 10.129.251.57 (10.129.251.57) 56(84) bytes of data.
64 bytes from 10.129.251.57: icmp_seq=1 ttl=63 time=47.1 ms
64 bytes from 10.129.251.57: icmp_seq=2 ttl=63 time=47.3 ms
64 bytes from 10.129.251.57: icmp_seq=3 ttl=63 time=46.3 ms
--- 10.129.251.57 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 46.318/46.918/47.312/0.431 ms
The machine is active, and since the TTL equals 63 (64 minus 1 hop) we can infer that it is a Unix machine. Now we are going to run an Nmap TCP SYN port scan to find all open ports. ...

May 25, 2024 · 7 min