If you think October is only the spooky month, well, you’re wrong! October is also known as Cyber Security Month!

To celebrate the month, HackTheBox renewed their Starting-Point, which is a path for beginners who want to start hacking to learn. And I must say it is very well made.

A box on Proving Grounds focusing more on enumeration! If in doubt, just enumerate!!

Summary

We scanned the network and found that the target is running an Apache web server. Further enumeration of the web server reveals an unprotected upload functionality that allows an attacker to upload a malicious file, which leads…

Hi amazing hackers from around the world, back again with another write-up of a box. This time it’s from OffSec’s Proving Grounds. If you would like to check out more write-ups, please do check my GitLab repository.

Enumeration

NMAP

PORT   STATE SERVICE VERSION
22/tcp open ssh…

This room is more focused on PostgreSQL and how misconfiguration could lead to Remote Code Execution.

NMAP SCAN

PORT   STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)…

Hello all, it’s been a while since I posted. I’ve been hanging out on PortSwigger and learning stuff. I’ve been lazy, but I’ve been documenting what I do on my GitLab. If you’re interested, check out my GitLab.

Startup

We are Spice Hut, a new startup company that just made it…

Created by ustoun0

Tasks

  • user.txt
  • root.txt

Vulnerabilities

  • PHP deserialization
  • Weak password
  • Permissions for a file.

NMAP

PORT   STATE SERVICE VERSION
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
| 2048 44:ee:1e:ba:07:2a:54:69:ff:11:e3:49:d7:db:a9:01 (RSA)
| 256 8b:2a:8f:d8:40:95:33:d5:fa:7a:40:6a:7f:29:e4:03 (ECDSA)
|_ 256 65:59:e4:40:2a:c2:d7:05:77:b3:af:60:da:cd:fc:67 (ED25519)
80/tcp…

A TryHackMe room made by zyeinn featuring a lot of stuff!

Tasks

  • user.txt
  • root.txt

Vulnerabilities

  • Hash credentials in source code.
  • Weak password
  • XXE injection
  • Not calling binary from $PATH

NMAP

Ports 80 and 22 are open.
A full port scan reveals that port 8765 is also open.

Foothold

After running Gobuster, I checked out the directories and found interesting stuff in the custom/js directory.

mobile.js
users.bak

Using CrackStation, the hash in…

A room on TryHackMe created by TheCyb3rW0lf featuring a Windows machine.

VulnNet:Roasted

Tasks

  • user.txt
  • system.txt

Vulnerabilities

  • IPC$ share is readable as anonymous leading to enumeration of users.
  • Kerberos leaking a hash which can lead to password cracking (From what I read it’s not a vulnerability?)
  • Strong passwords found in rockyou.txt

Sources I used

https://www.secureauth.com/labs/open-source-tools/impacket/
https://hashcat.net/wiki/doku.php?id=example_hashes
https://github.com/Hackplayers/evil-winrm
https://forum.hackthebox.eu/discussion/2749/getnpusers-py-explained-video

FarisArch

Student that loves FOSS
