Hack the Box: Cronos

Enumeration. Nmap: From the Nmap scan, we can see that the target has TCP ports 22 (SSH), 53 (DNS), and 80 (HTTP) open. The target has a Linux operating system. The website at 10.10.10.13 has only the Apache default page. DNS: Using nslookup it was possible to identify the host’s domain name: cronos.htb. By doing…

Hack the Box: Poison

Enumeration. Nmap: The Nmap scan shows that OpenSSH is running on port 22 and an Apache server on port 80 on the target. The target has a FreeBSD operating system. HTTP: Browsing the website, we can see a site with the title: “Temporary website to test local .php scripts”. Entering a listed script’s name “listfiles.php” into…

Hack the Box: Nibbles

Enumeration. Nmap: The Nmap scan shows that OpenSSH is running on port 22 and an Apache HTTP server on port 80 on the target. HTTP: Browsing the website, we can see the text “Hello world!”. Viewing the source of index.html reveals a comment referencing a /nibbleblog/ directory. The page http://10.10.10.75/nibbleblog/ does not provide anything interesting.…

Hack the Box: Sense

Enumeration. Nmap: The Nmap scan shows that lighttpd server 1.4.35 is running on ports 80 (HTTP) and 443 (HTTPS). HTTP: Browsing to the website reveals the pfSense login page. Logging in with the pfSense default credentials, admin:pfsense, failed. Dirbuster: Running Dirbuster with the wordlist /usr/share/wordlists/dirbuster/directory-list-lowercase-2.3-medium.txt, we can see a file, system-users.txt, which reveals credentials: rohit:pfsense. Logged…

Hack the Box: Optimum

Enumeration. Nmap: The Nmap scan shows that port 80 is open on the target, where an HTTPFileServer 2.3 is running. The target has a Windows operating system. This particular version of Rejetto HTTP File Server (HFS) has a remote command execution vulnerability, CVE-2014-6287. HTTP: It was confirmed in a browser that HTTPFileServer is running on…