Enumeration Nmap From the Nmap scan, we can see that the target has various TCP ports open, including 53 (DNS), 80 (HTTP), 88 (Kerberos), 389 (LDAP), 445 (SMB), and 5985 (WinRM). It’s worth noting that the target is part of an Active Directory domain called intelligence.htb, and we can see a hostname for the domain… Continue reading Hack the Box: Intelligence
Author: Teemu Hakkarainen
Hack the Box: Escape
Enumeration Nmap Based on the Nmap scan, it appears that the target has various TCP ports open, including 53 (DNS), 88 (Kerberos), 389 (LDAP), 445 (SMB), 1433 (MSSQL), and 5985 (WinRM). It’s worth noting that the target is a part of a domain called sequel.htb, and we can see a hostname for the domain controller… Continue reading Hack the Box: Escape
Hack the Box: Remote
Enumeration Nmap From the Nmap scan, we can see that the target has among other things TCP ports 21 (FTP), 80 (HTTP), 111 (RPC), and 445 (SMB) open. The target has a Windows operating system. From the Nmap’s script results, we can see that anonymous FTP login is allowed. FTP Successfully logged to the FTP… Continue reading Hack the Box: Remote
Hack the Box: Cronos
Enumeration Nmap From the Nmap scan, we can see that the target has TCP ports 22 (SSH), 53 (DNS), and 80 (HTTP) open. The target has a Linux operating system. The website at 10.10.10.13 has only the Apache default page. DNS Using nslookup it was possible to identify the host’s domain name: cronos.htb By doing… Continue reading Hack the Box: Cronos
Hack the Box: Timelapse
Enumeration Nmap The Nmap scan shows among other things that TCP ports 53 (DNS), 88 (Kerberos), 445 (SMB), and 5986 (WinRM with SSL) are open on the target. Target is part of an Active Directory domain called timelapse.htb; the computer name is DC01. SMB With Smbclient we were able to list the available shares using… Continue reading Hack the Box: Timelapse
TryHackMe: Gatekeeper
Enumeration Nmap The Nmap scan shows that among other things ports 139 (NetBIOS), 445 (SMB), 3389 (RDP), and port 31337 (“Elite”) are open on the target. The target has a Windows 7 Professional 7601 Service Pack 1 operating system. SMB Utilizing smbclient with null login, we were able to list available shares. Successfully gained access… Continue reading TryHackMe: Gatekeeper
Hack the Box: Poison
Enumeration Nmap The Nmap scan shows that OpenSSH is running on port 22 and Apache server on port 80 on the target. The target has a FreeBSD operating system. HTTP Browsing the website, we can see a site with the title: “Temporary website to test local .php scripts”. Entering a listed script’s name “listfiles.php” into… Continue reading Hack the Box: Poison
Hack the Box: Buff
Enumeration Nmap The Nmap scan shows that Apache server with PHP version 7.4.6 is running on port 8080 on the target. HTTP On navigating to port 8080, we can see a fitness website. From the page http://10.10.10.198:8080/contact.php we can see that the web application is using Gym Management Software 1.0. Exploitation Using SearchSploit we can… Continue reading Hack the Box: Buff
Hack the Box: Nibbles
Enumeration Nmap The Nmap scan shows that OpenSSH is running on port 22 and an Apache HTTP server on port 80 on the target. HTTP Browsing the website, we can see the text “Hello world!”. Viewing the source of index.html reveals a comment referencing a /nibbleblog/ directory. The page http://10.10.10.75/nibbleblog/ does not provide anything interesting.… Continue reading Hack the Box: Nibbles
Hack the Box: Sense
Enumeration Nmap The Nmap scan shows that lighttpd server 1.4.35 is running on ports 80 (HTTP) and 443 (HTTPS). HTTP Browsing to the website, PfSense login page is revealed. Failed to login with PfSense default credentials: admin:pfsense. Dirbuster Running Dirbuster with the wordlist /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt we can see a file system-users.txt which reveals credentials: rohit:pfsense Logged… Continue reading Hack the Box: Sense