January 30, 2022
HackTheBox - Cronos
IP: 10.10.10.13
NMAP
DNS
Gives us admin.cronos.htb
Edit /etc/hosts to include 10.10.10.13 admin.cronos.htb
Gives us login page we can log in with ' or 1=1;##".
At the logged in page we can...
January 30, 2022
HackTheBox - Irked
IP: 10.10.10.117
NMAP
BROWSER
uid=1001(ircd) gid=1001(ircd) groups=1001(ircd)
Create .ssh folder inside ircd home-folder and set chmod 700, then import my key to authorized_keys and chmod 600. Then use ssh...
January 30, 2022
HackTheBox - Writer
NMAP
Smb ports are open
browser-ports are open
Gobuster
Finds sites like static and administrative
SQLMAP
Finds username, hash and also reads files. Lets us read source code and see how the site source code looks.
<ip>/administrative
...
January 30, 2022
HackTheBox - Valentine
IP: 10.10.10.79
NMAP
Running msfconsole and heartbleed exploit.
When inspecting request we see.
In leaked data I found reference to "decode.php". Decoding the text from $text gave
Running gobuster gave two websites,...
January 30, 2022
HackTheBox - Networked
IP 10.10.10.146
Nmap
Run Gobuster
We find links to /uploads and /backup. Inside the backup folder there is a compressed file that contains files on the server. We see the server contains the following files...
January 30, 2022
HackTheBox - Postman
Port 1000 shows a webmin login-page. Need to edit hosts to include postman.
By doing some googling around Redis we find an exploit at https://github.com/Ridter/redis-rce. This is a python-script that gives us a reverse shell.
When run...
January 30, 2022
HackTheBox - Blocky
IP 10.10.10.37
NMAP
We run gobuster and find a folder called /plugin and inside two .jar-files. When extracted with 7z e .jar-file we find the password 8YsqfCTnvxAUeduzjNSXe22
This works with...
January 30, 2022
HackTheBox - Lame
IP: 10.10.10.3
NMAP
But it gives us nothing. We continue to enumerate and try the SMB-server. Get a hold of the SMB-server and the permissions. We discover that the tmp-folder is open for read/write and connect to it with: Inside the...
January 30, 2022
HackTheBox - Bashed
IP 10.10.10.68
NMAP
Browser
Gives a website that links to phpbash.php at github. It's a hint that it is deployed on the server.
Run dirbuster and fuzz for directories and the file phpbash.php.
Use the /{}/phpbash.php as query.
The only...
January 30, 2022
HackTheBox - Beep
IP 10.10.10.7
NMAP
Shows us a lot of open ports and searching the web-browsers points us to many web-sites. Run gobuster and we get some hits.
Enumerating some of the folders we find services like freepbx at port 443, and...
January 30, 2022
HackTheBox - Pit
IP: 10.10.10.241
Nmap
SNMP on port 161:
snmpwalk -c public -v1 10.10.10.241 1 -On
Check certificate at http://10.10.10.241:9090 and it shows the hostname is dms-pit.htb. Add 10.10.10.241...
January 30, 2022
HackTheBox - Seal
seal.htb
IP 10.10.10.250
Keywords: tomcat nginx burpsuite symlink
NMAP
Port 8080, 443
Accessing 10.10.10.250:8080 gives us login page.
* create user and log in, look through commits and find old password and user
enumerate...
January 30, 2022
HackTheBox - Tabby
IP 10.10.10.194
NMAP
HOST
This lists the file and we can read
By trying different paths, we try to find the tomcat-user.xml file specified at the 10.10.10.194:8000 website. By trial and error we can see that...
January 30, 2022
HackTheBox - Delivery
mysql, grep, hashcat, rules, email
IP 10.10.10.222
NMAP
BROWSER
Found a website that contained link to http://helpdesk.delivery.htb/ and delivery.htb. Add this to /etc/hosts with 10.10.10.222...
January 30, 2022
HackTheBox - Admirer
IP 10.10.10.187
NMAP
BROWSER
Checking the /robots.txt mentioned in NMAP leads us to the directory admin-dir. Running gobuster against the directory leads to two files contacts.txt and...
January 30, 2022
HackTheBox - Scriptkiddie
Keywords: metasploit, command injection
IP: 10.10.10.226
Go to web-browser 10.10.10.226:5000
The web-site is some numerous script/msftools.
After some enumeration we find that the msfvenom box is exploitable with android apk...
January 30, 2022
HackTheBox - Knife
Keywords: CVE, ssh
So this is a short version written some time after I finished the machine.
To sum it up the basic enumeration with nmap, gobuster and so on didn't show that much useful. Also the website at...
January 30, 2022
HackTheBox - Traverxec
IP 10.10.10.165
NMAP
Visiting http://10.10.10.165 in the browser we can enumerate a bit, and after trying to spoof the links we get to a 404/error-message that specifies the web-service nostromo 1.9.6.
Searching on google nostromo...
January 30, 2022
HackTheBox - Nibbler
IP 10.10.10.75
NMAP
Shows port 22 and 80 open. Checking the webpage shows nothing. In the comments of the source-code it hints towards nibbleblog-folder.
Checking the files it shows us admin@nibbles.com and user admin. With...
January 30, 2022
HackTheBox - Mirai
IP 10.10.10.48
HOST
NMAP
BROWSER
When accessing http://10.10.10.48/versions we get a file called versions to download. The file contains ,v3.1.4,v3.1,v2.10.
By googling the versions and lighttpd we find...
January 30, 2022
HackTheBox - Shocker
IP: 10.10.10.56
Website shows nothing special and no links.
Run dirbuster with .sh-extension and find /cgi-bin/user.sh.
Check shellshock with:
This shows us that we have RCE (Remote Code Execution)
We set up a listener in our...
June 23, 2021
RSA and Python
RSA is a cryptographic method. It is based on prime numbers and has a way to construct those primes into values which are used later on in the encryption/decryption-process. The following is my notes regarding RSA-basics in a CTF (capture the...
May 7, 2021
Tinkering with pwntools
Hello World! So during the last month I have been practising my Python skills by doing CTFs. During Easter I had a go at the CTF hosted by the Norwegian Police Security Service, and came in contact with other people with an interest in CTFs....
March 19, 2021
Just a basic script
Today I watched a YouTube-video from The Cyber Mentor (link below) about creating a simple bash script in order to perform some website enumeration. Some hours later I was working with a machine at HackTheBox and it occurred to me. Whenever I take a go...
March 15, 2021
The pentester blueprint
By Phillip L. Wylie and Kim Crawley I have been thinking for a while now, about what should be my next step in order to learn more about pentesting. Last year (2020) I was thinking about the OSCP (Offensive Security Certified Professional) -...
March 15, 2021
Python course
A few thoughts about Python! My experience with Python is not that long and I've tried to learn it before. I feel like I have control of the basics but when it gets more advanced it gets more complicated. I really enjoy coding with Python and I want to...
July 22, 2021
VIM text editor
General use of VIM So I've decided to move on from nano as my text-editor and over to VIM. I've used it for some weeks now and can already see the benefits of using VIM. One of the struggles in the...
July 7, 2021
gdb - writeup
I think the flag might be decrypted and left in memory. Maybe a debugger will help? Check out the CTF @ ForeverCTF Open file in Ghidra. Change name on the values. Find out what we know for...