Posts

Description Trickster is a medium Hack The Box machine that features: Cross-Site-Scripting in PrestaShop application that leads into Remote Code Execution User Pivoting by recovering the password of the user from the PrestaShop MySQL database Docker internal application changedetection.io discovery and local port forwarding Remote Code Execution in changedetection.io Docker application Privilege Escalation via a password leak in the Bash History of the container Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.80.146. ...

Introduction️ Osmocom (Open Source Mobile Communications) is an open source project dedicated to developing software and tools for mobile communication networks. Its main objective is to implement a range of mobile network technologies, such as GSM (2G), in an open and accessible way, with its different modules in the form of libraries.️ The project related to the creation of mobile networks is the CNI (Cellular Network Infrastructure), which are implementations of the protocol stack and network elements of GSM. The projects used for creating the network are OsmoMSC, OsmoBSC, OsmoSTP, OsmoHLR, OsmoMGW. On the other hand, we need the element that creates the base station, OsmoBTS, which supports different hardware and software devices. And finally, the transceiver that will support OsmoBTS, the component OsmocomBB.️ ...

Description Strutted is a medium Hack The Box machine that features: Image upload web application with Apache Struts vulnerable to Remote Command Execution User Pivoting by leaked credential in a configuration file Privilege Escalation by using tcpdump tool ran as root user Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.59. $ ping -c 3 10.10.11.59 PING 10.10.11.59 (10.10.11.59) 56(84) bytes of data. 64 bytes from 10.10.11.59: icmp_seq=1 ttl=63 time=44.1 ms 64 bytes from 10.10.11.59: icmp_seq=2 ttl=63 time=43.3 ms 64 bytes from 10.10.11.59: icmp_seq=3 ttl=63 time=43.5 ms --- 10.10.11.59 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2004ms rtt min/avg/max/mdev = 43.274/43.637/44.093/0.340 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...

Description MonitorsThree is a medium Hack The Box machine that features: SQL Injection in a web application to obtain user credentials Authenticated Remote Command Execution in Cacti web application Hash Cracking to obtain an user’s password, reused for a Linux user Local Port Forwarding to expose an internal Duplicati web application Privilege Escalation using Duplicati backup application having access to all the filesystem Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.216.196. ...

Description Sightless is an easy Hack The Box machine that features: Remote Command Execution in the SQLPad web application Escaping from Docker container by cracking the “shadow” hashes and logging through SSH Discovery of internal Froxlor web application and local port forwarding Password Recovery by using a debugging session of the Chrome browser Recovery of a KeePass database file password located in a FTPS service owned by Froxlor application Privilege Escalation by recovering the SSH login key from the KeePass database Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.172.196. ...

Introduction️ GSM (Global System for Mobile Communications) (2G) is a communication standard developed for the transmission of voice and data in mobile networks. Originally created in Europe in the 80s by the European Telecommunications Standards Institute (ETSI), it became the most popular mobile phone system worldwide, used by most mobile network operators around the world. The GSM technology allows users from different operators to communicate with each other and use services like SMS (text messages) or calls. With the arrival of 4G and 5G, the use of GSM networks has decreased and some operators are gradually removing support for these networks.️ ...

Description Sea is an easy Hack The Box machine that features: Remote Command Execution via a Cross Site Scripting vulnerability in WonderCMS application Crack of a weak password hash that allows the login as a Linux user Privilege Escalation via a Command Injection in an internal HTTP monitoring application Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.214.57. ...

Description Compiled is a medium Hack The Box machine that features: Windows Git vulnerability allowing Remote Command Execution by cloning a repository Cracking the password hash of a Gitea user Password Reuse of the Gitea user password in a Windows Local Account Privilege Escalation via a Visual Studio 2019 vulnerability Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.91.211. ...

Description GreenHorn is an easy Hack The Box machine that features: Leaked CMS password hash in a Gitea server Crack of a weak password Vulnerable pluck web application that allows Arbitrary File Upload that leads in Remote Command Execution Reused CMS password in a Linux user Privilege Escalation via the recovery of the root’s password by depixelizing a pixelized image in a PDF file Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.129.242.145. ...

Description Unrested is a medium Hack The Box machine that features: Zabbix SQL Injection that leads into Remote Command Execution vulnerability Privilege Escalation via a restricted Nmap command script Footprinting First, we are going to check with ping command if the machine is active and the system operating system. The target machine IP address is 10.10.11.50. $ ping -c 3 10.10.11.50 PING 10.10.11.50 (10.10.11.50) 56(84) bytes of data. 64 bytes from 10.10.11.50: icmp_seq=1 ttl=63 time=44.3 ms 64 bytes from 10.10.11.50: icmp_seq=2 ttl=63 time=43.3 ms 64 bytes from 10.10.11.50: icmp_seq=3 ttl=63 time=43.8 ms --- 10.10.11.50 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms rtt min/avg/max/mdev = 43.288/43.796/44.292/0.409 ms The machine is active and with the TTL that equals 63 (64 minus 1 jump) we can assure that it is an Unix machine. Now we are going to do a Nmap TCP SYN port scan to check all opened ports. ...