Posts

Description OnlyForYou is a medium Hack The Box machine that features: Local File Inclusion in Python web application revealing source code of other application Main web application vulnerable to Command Injection Internal service discovery and Cypher Neo4j injection to obtain credentials for user pivoting Privilege Escalation via an user allowed to run pip3 download command with command execution Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.210. ...

Description Busqueda is an easy Hack The Box machine that features: Arbitrary Code Execution via Unsanitized Python Eval Sensitive Data Exposure VHOST Discover Bypassing Paths of Python File Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.208. $ ping -c 3 10.10.11.208 PING 10.10.11.208 (10.10.11.208) 56(84) bytes of data. 64 bytes from 10.10.11.208: icmp_seq=1 ttl=63 time=43.8 ms 64 bytes from 10.10.11.208: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.208: icmp_seq=3 ttl=63 time=43.3 ms --- 10.10.11.208 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.335/43.657/43.843/0.229 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Agile is a medium Hack The Box machine that features: Path Traversal in web application with Werkzeug debug activated leading to Remote Command Execution User Pivoting by leaked credentials in the password database User Pivoting by watching and interacting with Selenium session Privilege Escalation via a modification of the Python virtualenv initialization script with a SUDO vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.203. ...

Introduction️ Between the capabilities of the device Flipper Zero is the decoding of radio protocols below 1 GHz (Sub-GHz) frequencies. One of the available applications is Weather Station that decodes signals from temperature and humidity sensors. Due to the architecture of the application and the nature of the code project it is possible to add new protocols to the application.️ We will add the TWINS protocol based on ThermoPRO-TX4 and Polaroid based on inFactory-TH. We will also observe how to compile the application.️ ...

Description Socket is a medium Hack The Box machine that features: Reverse Engineering and PyInstaller decompiling to discover Python code SQL Injection to a WebSocket endpoint revealing credentials Reused credentials and SSH login Privilege Escalation via a PyInstaller build script that allow extracting sensitive files Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.206. ...

Description Inject is an easy Hack The Box machine that features: Local File Inclusion Remote Command Execution Sensitive Data Exposure Ansible Playbook Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.204. $ ping -c 3 10.10.11.204 PING 10.10.11.204 (10.10.11.204) 56(84) bytes of data. 64 bytes from 10.10.11.204: icmp_seq=1 ttl=63 time=46.8 ms 64 bytes from 10.10.11.204: icmp_seq=2 ttl=63 time=44.3 ms 64 bytes from 10.10.11.204: icmp_seq=3 ttl=63 time=43.9 ms --- 10.10.11.204 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.861/44.977/46.769/1.279 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Introduction️ The web MalAPI.io collects a list of Windows APIs that can be used by malicious programs to perform unwanted actions on the operating system. To analyze executables in search of these strings, a Python tool has been developed that automatically scans the file passed as a parameter.️ Use of MalAPI Scanner️ To use, simply pass the executable file to analyze as a parameter and have the malapi.json file in the same directory with the API database extracted from the website. This is an example of its execution.️ ...

Description Stocker is an easy Hack The Box machine that features: VHOST Enumeration NoSQL injection Server Side XSS (Dynamic PDF) Sensitive Data Exposure Sudo Execution Bypassing Paths Privilege Escalation Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.196. $ ping -c 3 10.10.11.196 PING 10.10.11.196 (10.10.11.196) 56(84) bytes of data. 64 bytes from 10.10.11.196: icmp_seq=1 ttl=63 time=43.3 ms 64 bytes from 10.10.11.196: icmp_seq=2 ttl=63 time=43.5 ms 64 bytes from 10.10.11.196: icmp_seq=3 ttl=63 time=43.3 ms --- 10.10.11.196 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.315/43.389/43.527/0.097 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Escape is a medium Hack The Box machine that features: PDF file of a accesible SMB share reveals MSSQL credentials MSSQL service account NTLM hash capture and crack to elevate the privileges User Pivoting by leaked credentials in a log file Privilege Escalation via impersonating the Administrator user using the ESC1 vulnerability in Certificate Templates used in Active Directory Certificate Services Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.202. ...

Description Soccer is an easy Hack The Box machine that features: Directory Enumeration Use of Default Credentials Remote Code Execution VHOST Discovering SQL Injection over WebSocket Sensitive Data Exposure DOAS Privilege Escalation. Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.194. $ ping -c 3 10.10.11.194 PING 10.10.11.194 (10.10.11.194) 56(84) bytes of data. 64 bytes from 10.10.11.194: icmp_seq=1 ttl=63 time=44.3 ms 64 bytes from 10.10.11.194: icmp_seq=2 ttl=63 time=43.3 ms 64 bytes from 10.10.11.194: icmp_seq=3 ttl=63 time=43.7 ms --- 10.10.11.194 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 43.340/43.755/44.276/0.389 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...