Posts

Description Sandworm is a medium Hack The Box machine that features: Flask web application vulnerable to Server Side Template Injection leading to Remote Command Execution User Pivoting by using leaked and re-used httpie credentials User Pivoting by infecting a Rust dependency administrated by Cargo package manager Privilege Escalation by using firejail vulnerability allowing running set-uid binaries Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.218. ...

Description Broker is an easy Hack The Box machine that features: ActiveMQ Remote Command Execution vulnerability Privilege Escalation via nginx web server executed as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.243. $ ping -c 3 10.10.11.243 PING 10.10.11.243 (10.10.11.243) 56(84) bytes of data. 64 bytes from 10.10.11.243: icmp_seq=1 ttl=63 time=123 ms 64 bytes from 10.10.11.243: icmp_seq=2 ttl=63 time=122 ms 64 bytes from 10.10.11.243: icmp_seq=3 ttl=63 time=122 ms --- 10.10.11.243 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 122.114/122.682/123.477/0.579 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Topology is an easy Hack The Box machine that features: VHOST Enumeration LaTeX command injection Sensitive Data Exposure Apache Password Hash Cracking Privilege Escalation via Gnuplot Cron job Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.217. $ ping -c 3 10.10.11.217 PING 10.10.11.217 (10.10.11.217) 56(84) bytes of data. 64 bytes from 10.10.11.217: icmp_seq=1 ttl=63 time=49.6 ms 64 bytes from 10.10.11.217: icmp_seq=2 ttl=63 time=50.5 ms 64 bytes from 10.10.11.217: icmp_seq=3 ttl=63 time=49.1 ms --- 10.10.11.217 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 49.127/49.749/50.485/0.560 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ To perform a security audit of an Android application, it is necessary to create a customized environment, which can be based on a physical device or an emulator. For most cases, an emulator will suffice. In this article we will create a virtual machine for Android in x86_64 architecture, and modify it by installing Magisk, to obtain superuser permissions and install modules, and install some applications.️ Installing the Android Emulator For the Android emulator, we have chosen the official Android IDE, Android Studio, which includes support for Android Virtual Devices (AVD). To install the IDE, simply go to its official website and download the installer by accepting the license terms. During the installation process, when selecting the components to install, we will deselect the option Android Virtual Device, as we will configure it later. In this case, we will install the IDE in our Documents directory.️ ...

Description PC is an easy Hack The Box machine that features: gRPC enumeration SQL Injection over gRPC Sensitive Data Exposure PyLoad Vulnerability Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.214. $ ping -c 3 10.10.11.214 PING 10.10.11.214 (10.10.11.214) 56(84) bytes of data. 64 bytes from 10.10.11.214: icmp_seq=1 ttl=63 time=44.1 ms 64 bytes from 10.10.11.214: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.214: icmp_seq=3 ttl=63 time=43.4 ms --- 10.10.11.214 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 43.448/43.806/44.133/0.280 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Jupiter is a medium Hack The Box machine that features: Subdomain Enumeration to find an opened Grafana dashboard SQL Injection in Grafana due to use raw PostgreSQL queries leading to Remote Command Execution User Pivoting by interacting with Cron job executed by another user User Pivoting by using the Jupiter Notebook ran by another user leading Privilege Escalation by exploiting a custom binary ability of downloading and creating files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.216. ...

Introduction️ Firebase Firestore is a NoSQL cloud database provided by Google as part of the Firebase platform that allows developers to store, synchronize and query data in real-time for web, mobile and server applications. Data are organized into individual documents grouped into collections. Each document is a JSON data structure containing key-value pairs.️ Regarding the possible security issues that could be left unprotected by a project that uses Firebase Firestore, here are some points to consider: ...

Description Format is a medium Hack The Box machine that features: Local File Inclusion and File Writing vulnerability in PHP application Nginx proxy_pass directive allows writing to a Redis socket User Pivoting via a password retrieve from the Redis database Privilege Escalation via Python variable printing with a custom license generator Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.213. ...

Description Aero is a medium Hack The Box machine that features: Windows Themes vulnerability allowing Remote Command Execution Privilege Escalation via Common Log File System vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.237. $ ping -c 3 10.10.11.237 PING 10.10.11.237 (10.10.11.237) 56(84) bytes of data. 64 bytes from 10.10.11.237: icmp_seq=1 ttl=127 time=118 ms 64 bytes from 10.10.11.237: icmp_seq=2 ttl=127 time=118 ms 64 bytes from 10.10.11.237: icmp_seq=3 ttl=127 time=118 ms --- 10.10.11.237 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 118.253/118.306/118.400/0.066 ms The machine is active and with the TTL that equals 127 (128 minus 1 jump) we can assure that it is an Windows machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Wifinetic is an easy Hack The Box machine that features: Anonymous FTP server allows retrieving credentials and a backup of a configuration of OpenWRT Privilege Escalation via a recovery of a Wi-Fi password by a vulnerability of the Wi-Fi protocol Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.247. $ ping -c 3 10.10.11.247 PING 10.10.11.247 (10.10.11.247) 56(84) bytes of data. 64 bytes from 10.10.11.247: icmp_seq=1 ttl=63 time=51.0 ms 64 bytes from 10.10.11.247: icmp_seq=2 ttl=63 time=56.6 ms 64 bytes from 10.10.11.247: icmp_seq=3 ttl=63 time=55.1 ms --- 10.10.11.247 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 50.966/54.204/56.583/2.372 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...