Posts

Description Eighteen is an easy Hack The Box machine that features: Active Directory assumed breach scenario and service enumeration Microsoft SQL server user impersonation to read the web service database Password recovery via cracking a hash found in the MSSQL database User pivoting by password reuse and user enumerating by RID cycling attack Privilege Escalation via the group that the user belongs ability to write in a OU, exploiting dMSA, by using BadSuccessor attack Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.71.55. ...

Description Browsed is a medium Hack The Box machine that features: Upload of malicious Chrome extension to discover internal web pages Use of the Chrome extension to gain access to a local web application with Server Side Request Forgery SSRF of the internal application leads to Command Injection and Remote Command Execution Privilege Escalation by a writable Python cache directory and a Python program executable as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.4.136. ...

Description Conversor is an easy Hack The Box machine that features: XSLT Injection in Python Flask web application leading to machine file writing File Writing in scripts directory leads to Remote Command Execution User Pivoting by recovering the password of the user from a SQLite database Privilege Escalation via needrestart Arbitrary Code Execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.21.73. ...

Description Gavel is a medium Hack The Box machine that features: Webpage enumeration to find a Git repository with the source code of the web application Brute force of a login form with a found username to access to the administrator dashboard Remote Command Execution in web application allowing the entering of PHP code entered by the user User Pivoting by password reuse Privilege Escalation via bypassing PHP disallowed functions and the web application vulnerability with commands executed as root user. Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.19.185. ...

Description Expressway is an easy Hack The Box machine that features: IKE IPSec server enumeration and PSK recovery Password Reuse for Linux user Privilege Escalation via a vulnerable SUDO application Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.62.220. $ ping -c 3 10.129.62.220 PING 10.129.62.220 (10.129.62.220) 56(84) bytes of data. 64 bytes from 10.129.62.220: icmp_seq=1 ttl=63 time=48.0 ms 64 bytes from 10.129.62.220: icmp_seq=2 ttl=63 time=48.7 ms 64 bytes from 10.129.62.220: icmp_seq=3 ttl=63 time=47.5 ms --- 10.129.62.220 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 47.508/48.072/48.719/0.497 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Giveback is a medium Hack The Box machine that features: WordPress plugin blog vulnerable to PHP Object Injection leading to Remote Command Execution in a Kubernetes container Kubernetes Network Enumeration to find another containers Container Pivoting via PHP-CGI Remote Command Execution vulnerability Use of a Kubernetes service account to read secrets containing passwords Password reuse for Linux user allows creating a shell in the host Linux machine Custom Executable password recovery via enumeration Privilege Escalation via a runc command protected with a password found previously Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.188.129. ...

Description Soulmate is an easy Hack The Box machine that features: Subdomain discovery to find a CrushFTP instance CrushFTP Authentication Bypass CrushFTP allows file upload in web server which leads in Remote Command Execution Erlang configuration script leads to user pivoting due to leaked credentials Privilege Escalation via a Erlang (EPMD) daemon running as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.94.109. ...

Description Signed is a medium Hack The Box machine that features: Assumed breach scenario with credentials that leads in MSSQL service enumeration MSSQL service account NTLM hash capture and crack to elevate the privileges Privilege Escalation via the ability of creating silver tickets and the use of OPENROWSET(BULK) T-SQL query to read privileged files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.186.204. ...

Introduction 5G is the fifth generation of mobile networks, designed to surpass 4G significantly in speed, capacity, and latency. Its objective is not limited to just browsing the internet faster, but to enable entirely new applications, such as autonomous vehicles, augmented reality, real-time telemedicine, and millions of connected devices simultaneously in the Internet of Things (IoT). In technical terms, 5G is characterized by three main pillars: eMBB (enhanced Mobile Broadband) for high-speed and large-capacity connections, URLLC (Ultra-Reliable Low Latency Communications) for critical communications with minimal latency, and mMTC (massive Machine-Type Communications) for efficiently connecting millions of IoT devices. ...

Description CodePartTwo is an easy Hack The Box machine that features: Remote Command Execution in Python application interfacing with Javascript code using js2py Recovery of a credential found in web application database and password reuse Privilege Escalation via npbackup backup application ran as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.119.51. ...