Description of the encryption in Digital Mobile Radio Networks (DMR)

Introduction: DMR (Digital Mobile Radio) is a digital radio standard developed by ETSI (European Telecommunications Standards Institute), designed to replace analog radio systems and offer more efficient communications. It operates in TDMA (Time Division Multiple Access) with two time slots within a 12.5 kHz channel, allowing simultaneous transmissions on the same frequency. It supports additional services beyond voice transmission, such as sending data, for example text messages or terminal location reports. For voice, it supports both individual calls, similar to mobile phone calls, and group calls, in which registered terminals can participate. ...

May 1, 2025 · 5 min

Hack The Box: Administrator

Description: Administrator is a medium Hack The Box machine that features: Active Directory enumeration using given domain user credentials; a given domain user with the GenericAll access grant over a user, allowing the user's password to be changed; a domain user with the ForceChangePassword access grant over a user, allowing the user's password to be changed; a user who can access an FTP server that allows the recovery of a password manager backup; recovery of the master password of a password manager and its credentials; a domain user with the GenericWrite access grant over a user, allowing recovery of the Kerberos hash and the password; privilege escalation with a domain user holding the DCSync permissions, dumping the credentials. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.144.56. ...

April 19, 2025 · 9 min

Hack The Box: LinkVortex

Description: LinkVortex is an easy Hack The Box machine that features: subdomain enumeration to find a hidden Git repository; credential leakage in a Git repository; arbitrary file read in Ghost CMS; password reuse in a Linux account, with the password found in the Ghost configuration file; privilege escalation via bypassing the restriction of a Bash script. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.39.160. ...

April 12, 2025 · 9 min

GSM Telephony (2G) - IV - Analysis of traffic from a base station

Introduction: With a virtual base station deployed and a mobile device running the OsmocomBB software, it is now possible to use Wireshark to analyze the traffic generated when making a phone call or sending text messages. Starting the Wireshark tool: We start a new Wireshark session, capturing UDP packets (-f udp) with the display filter -Y gsmtap on the interface -i lo: wireshark -k -f udp -Y gsmtap -i lo. Start of the virtual base station: We start the virtual base station. ...

April 1, 2025 · 7 min

Hack The Box: Alert

Description: Alert is an easy Hack The Box machine that features: a PHP web application vulnerable to Cross-Site Scripting (XSS); a PHP web application vulnerable to Server-Side Request Forgery (SSRF); a PHP web application vulnerable to Path Traversal that leaks the credentials of a web server; web server credentials reused for the Linux system; privilege escalation via a writable web server folder hosted with a service by the root user. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.121.113. ...

March 22, 2025 · 10 min

Hack The Box: Certified

Description: Certified is a medium Hack The Box machine that features: Active Directory enumeration using given domain user credentials; a given domain user with the WriteOwner access grant over a group, allowing the user to add itself to the group; group users having the GenericWrite access grant over a domain user with permissions to log into the machine, allowing the password to be changed; the logged-in user having the GenericAll permission over a Certificate Authority user, allowing its password and other user fields to be changed; privilege escalation via impersonating the Administrator user using the ESC9 vulnerability in Certificate Templates used in Active Directory Certificate Services. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.24.237. ...

March 15, 2025 · 12 min

Hack The Box: Chemistry

Description: Chemistry is an easy Hack The Box machine that features: arbitrary code execution in the pymatgen Python library and CIF files; user pivoting by cracking a hashed password in a database file; local port forwarding of an internal web application using the aiohttp Python library; privilege escalation via a File Traversal vulnerability in the aiohttp Python library that allows retrieving the private SSH key of the root user. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.79.219. ...

March 8, 2025 · 8 min

Hack The Box: Instant

Description: Instant is a medium Hack The Box machine that features: a leaked Administrator JWT token in the source code of an Android application package; subdomain enumeration in the XML network configuration of an Android application package; API enumeration using one subdomain that provides the application documentation; brute force against the login endpoint to recover the weak password of an API user; a Path Traversal vulnerability in an API endpoint that allows reading a user's SSH private key; privilege escalation by decrypting a backup from the Solar-Putty application using a previously obtained password. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.132.27. ...

March 1, 2025 · 7 min

GSM Telephony (2G) - III - Base Station with Osmocom and Motorola Mobiles

Introduction: Extending the previous article on the creation of a virtual GSM base station, it is possible to develop another proof of concept using the OsmocomBB software. With a phone with a Calypso processor, such as the Motorola C115, C123, C140, C155 or V171, it is possible to create a physical GSM base station with limited functionality: only circuit-based operations such as sending and receiving text messages. This network can be connected to other physical devices by configuring the corresponding SIM card. ...

March 1, 2025 · 6 min

Hack The Box: Cicada

Description: Cicada is an easy Hack The Box machine that features: Domain Controller enumeration using a NULL session; user credentials recovered from a share accessible with a NULL session; Domain Controller enumeration using a domain account; user credentials recovered from the description of a user of the domain; user credentials recovered from a share accessible with a domain account; initial access to the machine with a domain account that belongs to the Remote Management Users group; privilege escalation via a dump of the SAM database using a domain account with the SeBackupPrivilege privilege. Footprinting: First, we use the ping command to check whether the machine is active and to identify its operating system. The target machine IP address is 10.129.209.245. ...

February 15, 2025 · 11 min