Category: Hackthebox

HTB : Builder
Builder is a medium-difficulty Linux machine with a vulnerable Jenkins instance (CVE-2024-23897), allowing unauthenticated users to read arbitrary files. An attacker can extract the jennifer user’s username and password hash, then use these credentials to log into Jenkins. An encrypted SSH key is exploited to gain root access on the host machine. Network Enumeration To…

HTB : Armageddon
https://app.hackthebox.com/machines/Armageddon Review: Find the service version through enumeration; a Metasploit exploit gives a web shell; database credentials are stored openly; use mysqldump to dump password hashes; cracked hashes give the password for SSH login; able to run snap install without root; use the dirty sock exploit to create an account and switch to the root user without a password. Enumeration…

HTB : Nibbles
https://app.hackthebox.com/machines/Nibbles Review: Directory enumeration reveals hidden information; login page credentials are simple; RCE can be done from plugins; privilege escalation can be achieved by editing a monitor script. Enumeration: Run an nmap scan to find open ports. Port 80: View source gives a clue. Run a gobuster scan to find hidden directories. Main site…
















