Description Monitored is a medium Hack The Box machine that features: LDAP and SNMP Service Enumeration Nagios XI CVE-2023-40931 SQL Injection vulnerability Nagios Remote Command Execution using an Administrator account Privilege Escalation via a vulnerable SUDO script Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.242.138. $ ping -c 3 10.129.242.138 PING 10.129.242.138 (10.129.242.138) 56(84) bytes of data. 64 bytes from 10.129.242.138: icmp_seq=1 ttl=63 time=46.4 ms 64 bytes from 10.129.242.138: icmp_seq=2 ttl=63 time=45.5 ms 64 bytes from 10.129.242.138: icmp_seq=3 ttl=63 time=45.1 ms --- 10.129.242.138 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 45.104/45.662/46.399/0.543 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Devvortex is an easy Hack The Box machine that features: VHOST Enumeration Joomla CVE-2023-23752 Information Exposure vulnerability Remote Code Execution using a Joomla Template Password Cracking from a MySQL database Password Reuse Privilege Escalation by using vulnerable apport-cli application. Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.168.118. $ ping -c 3 10.129.168.118 PING 10.129.168.118 (10.129.168.118) 56(84) bytes of data. 64 bytes from 10.129.168.118: icmp_seq=1 ttl=63 time=41.4 ms 64 bytes from 10.129.168.118: icmp_seq=2 ttl=63 time=40.7 ms 64 bytes from 10.129.168.118: icmp_seq=3 ttl=63 time=40.0 ms --- 10.129.168.118 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 40.038/40.710/41.386/0.550 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introducción A handshake WPA (Wi-Fi Protected Access) is a process in which a client device authenticates with an access point that uses the security protocol WPA. During this process, the client device and the access point exchange information to establish a secure connection. This information includes cryptographic data used to encrypt communication between the client device and the access point, ensuring thus the privacy and security of the Wi-Fi connection. In computer security environments, capturing a handshake WPA can be used to perform brute-force attacks to decrypt the Wi-Fi network password.️ ...

Description Surveillance is a medium Hack The Box machine that features: Vulnerable Craft CMS allowing Remote Command Execution Sensitive Data Exposure from Backups Password Cracking using John the Ripper Password Reuse Vulnerable ZoneMinder allowing Remote Command Execution Privilege Escalation via an incorrectly detainted Perl script Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.178.62. ...

Description Hospital is a medium Hack The Box machine that features: Arbitrary File Upload, Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640 Shadow File Hash Cracking with John the Ripper Password Reuse GhostScript CVE-2023-36664 Command Injection vulnerability Privilege Escalation via a Misconfigured Apache running as System User Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.164.203. ...

Description Codify is an easy Hack The Box machine that features: Sandbox Escape in NodeJS vm2 Library Password Hash from a Database Cracking Password Reuse Escalation via a Bash Pattern Matching Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.151.136. $ ping -c 3 10.129.151.136 PING 10.129.151.136 (10.129.151.136) 56(84) bytes of data. 64 bytes from 10.129.151.136: icmp_seq=1 ttl=63 time=44.2 ms 64 bytes from 10.129.151.136: icmp_seq=2 ttl=63 time=42.6 ms 64 bytes from 10.129.151.136: icmp_seq=3 ttl=63 time=42.8 ms --- 10.129.151.136 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.646/43.207/44.205/0.707 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ Kali Linux is a security auditing Linux distribution based on Debian GNU/Linux. Kali is aimed at security professionals and IT administrators, allowing them to perform advanced penetration testing, forensic analysis, and security audits. Debian GNU/Linux is one of the main generic Linux distributions, known for its quality and stability. Kali Linux is based on the work of the Debian project and adds over 400 special purpose packages of its own, all related to information security, particularly in the field of penetration testing. The default ISO images can be downloaded from the Kali website.️ ...

Description Analytics is an easy Hack The Box machine that features: Vulnerable Metabase Remote Command Execution Sensitive Data Exposure in a Docker Container Privilege Escalation via Ubuntu Linux Kernel vulnerability CVE-2023-2640 Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.233. $ ping -c 3 10.10.11.233 PING 10.10.11.233 (10.10.11.233) 56(84) bytes of data. 64 bytes from 10.10.11.233: icmp_seq=1 ttl=63 time=42.0 ms 64 bytes from 10.10.11.233: icmp_seq=2 ttl=63 time=51.4 ms 64 bytes from 10.10.11.233: icmp_seq=3 ttl=63 time=134 ms --- 10.10.11.233 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.020/75.700/133.650/41.156 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Manager is a medium Hack The Box machine that features: Active Directory Enumeration Use of Weak Passwords Sensitive Data Exposure AD CS Domain Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.236. $ ping -c 3 10.10.11.236 PING 10.10.11.236 (10.10.11.236) 56(84) bytes of data. 64 bytes from 10.10.11.236: icmp_seq=1 ttl=127 time=43.8 ms 64 bytes from 10.10.11.236: icmp_seq=2 ttl=127 time=42.3 ms 64 bytes from 10.10.11.236: icmp_seq=3 ttl=127 time=43.3 ms --- 10.10.11.236 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 42.294/43.131/43.766/0.617 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description CozyHosting is an easy Hack The Box machine that features: Misconfigured Spring Application Command Injection Sensitive Data Exposure Password Hash Crack Privilege Escalation via a vulnerable command Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.208. $ ping -c 3 10.10.11.230 PING 10.10.11.230 (10.10.11.230) 56(84) bytes of data. 64 bytes from 10.10.11.230: icmp_seq=1 ttl=63 time=42.5 ms 64 bytes from 10.10.11.230: icmp_seq=2 ttl=63 time=42.2 ms 64 bytes from 10.10.11.230: icmp_seq=3 ttl=63 time=42.4 ms --- 10.10.11.230 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 42.185/42.372/42.541/0.145 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...