Category: Hackthebox
-
HTB : Armageddon
https://app.hackthebox.com/machines/Armageddon
Review: Find the service version through enumeration. A Metasploit exploit will give a web shell. Database credentials are stored openly. Use mysqldump to dump password hashes. Cracked hashes give the password for SSH login. Able to run snap install without root. Utilize the dirty sock exploit to create an account and switch to the root user without a password.
Enumeration…
-
HTB : Nibbles
https://app.hackthebox.com/machines/Nibbles
Review: Directory enumeration reveals hidden information. Login page credentials are simple. RCE can be done from plugins. Privilege escalation can be achieved by editing a monitor script.
Enumeration: Run an nmap scan to find open ports.
Port 80: View source gives a clue. Run a gobuster scan to find hidden directories. Main site…