Posts

Description Encoding is a medium Hack The Box machine that features: Web application vulnerable to File Reading vulnerability Discovery of other application vulnerable to Local File Inclusion vulnerability User Pivoting by using a malicious Git hook executed after a commit Privilege Escalation via a creation of a malicious Systemd service Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.198. ...

Description BroScience is a medium Hack The Box machine that features: Path Traversal vulnerability in PHP web application that leads into source code read PHP deserialization attack in PHP application that leads into file upload and remote command execution User Pivoting by using reused credentials cracked from a Postgres database Privilege Escalation by Command Injection in a Bash script executed by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.195. ...

Description Mentor is a medium Hack The Box machine that features: Subdomain Enumerating to discover an API domain API domain endpoint discovery SNMP enumeration to discover community string and credentials API Command Injection to get a shell in a Docker container Docker container escape by using Postgres database credentials Privilege Escalation by using credential leaked in SNMP server configuration file Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.193. ...

Description Forgot is a medium Hack The Box machine that features: HTTP Host Header Injection to obtain a password recovery link Web Cache Deception vulnerability to read the administration dashboard and credentials Privilege Escalation via a TensorFlow script vulnerable to Command Injection Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.188. $ ping -c 3 10.10.11.188 PING 10.10.11.188 (10.10.11.188) 56(84) bytes of data. 64 bytes from 10.10.11.188: icmp_seq=1 ttl=63 time=43.5 ms 64 bytes from 10.10.11.188: icmp_seq=2 ttl=63 time=43.8 ms 64 bytes from 10.10.11.188: icmp_seq=3 ttl=63 time=44.2 ms --- 10.10.11.188 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 43.469/43.813/44.183/0.292 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description Awkward is a medium Hack The Box machine that features: API Enumeration to obtain web application credentials Server Side Request Forgery in web application to discover internal web application hosting documentation Reading documentation about an insecure endpoint vulnerable to file reading vulnerability leading to credential gathering Privilege Escalation via file writing in web server permission and mail command injection Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.185. ...

Description Photobomb is an easy Hack The Box machine that features: Access to restricted web page by using leaked credentials found in a JavaScript source code Command Injection in web endpoint used to convert images Privilege Escalation via a script allowed to be executed as root user with binaries without absolute path and allowed to use custom environment variables Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.182. ...

Description Ambassador is a medium Hack The Box machine that features: Path Traversal vulnerability in Grafana that allows reading administrator and MySQL service credentials MySQL database contains plain-text credentials of a Linux user Privilege Escalation by using Consul application executed as root user and leaked authentication token in a GIt repository Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.183. ...

Description UpDown is a medium Hack The Box machine that features: Web server directory enumeration to find the source code of the application in beta phase Source code of the application allow access to the beta application via a special HTTP header Source code of the application reveals that it is vulnerable to Insecure File Upload and to Local File Inclusion, which end in a Remote Command Execution vulnerability User Pivoting by using a Python program in binary format allowed to be executed as other user Privilege Escalation by using the easy_install command allowed to be run as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.177. ...

Description Shoppy is an easy Hack The Box machine that features: Web application Authentication Bypass by using a NoSQL injection User Enumeration by using a NoSQL injection to obtain an user hashed password Service Enumeration to find a Mattermost instance which credentials to login in the machine User Pivoting by reverse engineering a password manager application Privilege Escalation by creating a Docker container with root permissions to create malicious binaries Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.180. ...

Description Health is a medium Hack The Box machine that features: Web application with Server Side Request Forgery vulnerability by using a proxy server and redirects Access to a vulnerable Gogs Git service vulnerable to SQL Injection Deploy of local Gogs server to find the SQL Injection payload for retrieving user data Password hash recognition and recovery Privilege Escalation by abusing Cron functionality of the web application executed by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.176. ...