Category: Hackthebox
-
HTB Challenge : Impossible Password
https://app.hackthebox.com/challenges/impossible-password
Download the file and test out the program. Use strings for clues. Try the password you found. Use ltrace to observe the program. The program compares the input with a random string and exits. We see that the program uses the time, srand and malloc functions. The comparison string changes randomly based on the time. Disassemble Let’s…
-
HTB Challenge : Baby RE
https://app.hackthebox.com/challenges/baby-re
Test the program. Use Ghidra to analyze the program. The key can also be located with the strings command. Test the key.
-
HTB Buff
https://app.hackthebox.com/machines/Buff
Use nmap to find open ports. The web server shows a fitness-based company. On the contact page we can find the interface used for the site. Searchsploit gives us some options. Download the file. Access gained. To get a better shell, upload nc.exe via a Python server. Run netcat and start a listener on…
-
HTB Challenge : Behind the Scenes
https://app.hackthebox.com/challenges/behind-the-scenes
-
HTB Networked
https://app.hackthebox.com/machines/Networked
Run an nmap scan to find open ports. The homepage doesn’t show much. Run a gobuster scan to find directories. A place to upload files. Backup folder with a zipped file. Download and unzip the backup folder to get some PHP source code. Upload.php shows a check file function. lib.php shows a file_mime_type…
-
HTB Challenge : WIDE
https://app.hackthebox.com/challenges/wide
Start up Ghidra to look for clues. In the menu function we find the hardcoded password. Flag is found.