Hack the Box: Cronos

Enumeration Nmap From the Nmap scan, we can see that the target has TCP ports 22 (SSH), 53 (DNS), and 80 (HTTP) open. The target has a Linux operating system. The website at 10.10.10.13 has only the Apache default page. DNS Using nslookup it was possible to identify the host’s domain name: cronos.htb By doing… Continue reading Hack the Box: Cronos

TryHackMe: Gatekeeper

Enumeration Nmap The Nmap scan shows that among other things ports 139 (NetBIOS), 445 (SMB), 3389 (RDP), and port 31337 (“Elite”) are open on the target. The target has a Windows 7 Professional 7601 Service Pack 1 operating system. SMB Utilizing smbclient with null login, we were able to list available shares. Successfully gained access… Continue reading TryHackMe: Gatekeeper

Hack the Box: Poison

Enumeration Nmap The Nmap scan shows that OpenSSH is running on port 22 and Apache server on port 80 on the target. The target has a FreeBSD operating system. HTTP Browsing the website, we can see a site with the title: “Temporary website to test local .php scripts”. Entering a listed script’s name “listfiles.php” into… Continue reading Hack the Box: Poison

Hack the Box: Nibbles

Enumeration Nmap The Nmap scan shows that OpenSSH is running on port 22 and an Apache HTTP server on port 80 on the target. HTTP Browsing the website, we can see the text “Hello world!”. Viewing the source of index.html reveals a comment referencing a /nibbleblog/ directory. The page http://10.10.10.75/nibbleblog/ does not provide anything interesting.… Continue reading Hack the Box: Nibbles

Hack the Box: Sense

Enumeration Nmap The Nmap scan shows that lighttpd server 1.4.35 is running on ports 80 (HTTP) and 443 (HTTPS). HTTP Browsing to the website, PfSense login page is revealed. Failed to login with PfSense default credentials: admin:pfsense. Dirbuster Running Dirbuster with the wordlist /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt we can see a file system-users.txt which reveals credentials: rohit:pfsense Logged… Continue reading Hack the Box: Sense