Posts

Description Heal is a medium Hack The Box machine that features: Path Traversal in a Ruby on Rails web application Database Dump of a Ruby on Rails web Application Weak password found in database dump allows the login to LimeSurvey application Remote Command Execution using LimeSurvey application and the upload of a malicious plugin User Pivoting by using a reused password from a configuration file of LimeSurvey Privilege Escalation by abusing a weak instance of Consul that allows the execution of commands Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.30.209. ...

Description UnderPass is an easy Hack The Box machine that features: SNMP Enumeration to find an installed web application Use of default credentials in the RADIUS management web application User and Password Enumeration of the RADIUS web application Password Reuse of RADIUS user in Linux server Privilege Escalation via Mosh (Mobile Shell) command executed with root permissions Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.145.216. ...

Introduction️ DMR (Digital Mobile Radio) is a digital radio standard developed by the ETSI (European Telecommunications Standards Institute), designed to replace analog radio systems and offer more efficient communications. It operates in TDMA (Time Division Multiple Access) with two time slots within a 12.5 kHz channel, allowing for simultaneous transmissions on the same frequency. It allows additional services beyond voice transmission, such as data sending, like text messages or location reports of terminals. Around voice, it allows both individual calls similar to mobile phone calls and group calls, where registered terminals can participate.️ ...

Description Administrator is an medium Hack The Box machine that features: Active Directory Enumeration using given user domain credentials Given user domain with GenericAll access grant to an user, allowing the user to change the password User domain with ForceChangePassword access grant to an user, allowing the user to change the password User can access to a FTP server that allows the recovery of a password manager backup Recovery of the master password of a password manager and its credentials User domain with GenericWrite access grant to an user, allowing the user to recover the Kerberos hash and the password Privilege Escalation with an user domain with the DCSync permissions, dumping the credentials Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.144.56. ...

Description LinkVortex is an easy Hack The Box machine that features: Subdomain Enumeration to find a hidden Git Repository Credential Leakage in a Git Repository Arbitrary File Read in Ghost CMS Password Reuse in Linux account found in Ghost configuration file Privilege Escalation via bypassing the restriction of a Bash script Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.39.160. ...

Introduction️ With the deployment of a virtual base station virtual and a mobile device with OsmocomBB software, it is now possible to analyze traffic generated when making a phone call or sending text messages using Wireshark.️ Starting the Wireshark tool.️ We start a new session of Wireshark, monitoring by -f UDP packets with the filter -Y gsmtap on the interface -i lo.️ wireshark -k -f udp -Y gsmtap -i lo Start of the virtual base station.️ We are starting the virtual base station.️ ...

Description Alert is an easy Hack The Box machine that features: PHP web application vulnerable to Cross-Site Scripting (XSS) PHP web application vulnerable to Server-Side Request Forgery (SSRF) PHP web application vulnerable to Path Traversal that leaks the credentials of a web server Web server credentials of a web server reused for the Linux system Privilege Escalation via a writable web server folder hosted with a service by root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.121.113. ...

Description Certified is an medium Hack The Box machine that features: Active Directory Enumeration using given user domain credentials Given user domain with WriteOwner access grant to a group, allowing the user to add itself to the group Group users has the GenericWrite access grant to a domain user with permissions to log into the machine, allowing changing the password Logged user has the GenericAll permission to a Certificate Authority user, allowing them to change its password and other user fields Privilege Escalation via impersonating the Administrator user using the ESC9 vulnerability in Certificate Templates used in Active Directory Certificate Services Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.24.237. ...

Description Chemistry is an easy Hack The Box machine that features: Arbitrary Code Execution in pymatgen Python library and CIF files User Pivoting by cracking a hashed password in a database file Local Port Forwarding of an internal web application using aiohttp Python library Privilege Escalation via a File Traversal vulnerability in aiohttp Python library that allows retrieving the private SSH key of the root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.79.219. ...

Description Instant is a medium Hack The Box machine that features: Leaked Administrator JWT token in the source code of an Android application package Subdomain enumeration in the XML network configuration of an Android application package API enumeration using one subdomain that provides the application documentation Brute Force to the login endpoint to recover the weak password of an API user Path Traversal vulnerability in an API endpoint that allows reading an user SSH private key Privilege Escalation by the decryption of a backup from the Solar-Putty application using a previously obtained password Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.132.27. ...