This is a practical Walkthrough of “Breadcrumbs” machine from HackTheBox. Credit goes to helich0pper for making this machine available to us.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Synopsis
“Breadcrumbs” is marked as hard difficulty machine that features Apache hosting PHP web pages on Windows 10 OS. The homepage is a library to look for books and borrow them for reading. The book checkout section is misconfigured and that allow us to look for other files (.php) on the server. Certain .php file reveals secret key for JWT signature, hardcoded admin…
This is a practical Walkthrough of “Luanne” machine from HackTheBox. Credit goes to polarbearer for making this machine available to us.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Synopsis
“Luanne” is marked as easy difficulty machine that features nginx and supervisor to host website and to control process system. The website has basic HTTP authentication enabled, but a certain http directory is wide open to get weather information of UK cities by querying manually. Web application is connected to a lua script which generates random data about city’s weather. Taking advantage…
This is a practical writeup of “Tally” retired machine from HackTheBox. Credit goes to egre55 for making this machine available to us. Although this machine is from 2017 but the simulation of vulnerabilities are real-to-life.
Synopsis
“Tally” is marked as Hard difficulty machine that features IIS web server and SharePoint CMS with MSSQL running in background. Gobuster gives us path to FTP credentials. FTP has a directory with KeePass credential database, we crack the master password of DB and get access to SMB credentials. SMB access gives us credentials to MSSQL DB. …
This is a practical Walkthrough of “Spectra” machine from HackTheBox. Credit goes to egre55 for making this machine available to us and base points are 20 for this machine.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Synopsis
“Spectra” is marked as easy difficulty machine that features Apache which is hosting issue tracker and a WordPress website. The homepage has links to Issue Tracker and Testing Website. The former takes us to the WordPress website and the latter take us to a testing website. Due to the fact that it is a…
This is a practical Walkthrough of “Ophiuchi” machine from HackTheBox. Credit goes to felamos for making this machine available to us and base points are 30 for this machine.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Synopsis
“Ophiuchi” is an medium difficulty Linux machine that features Apache TomCat hosting a JSP (Java Server Page) website and it has SnakeYAML deserialization vulnerability in its library. The website has a functionality to where we can input YAML string/code and server will parse it using SnakeYAML library. After exploiting this vulnerability we get “tomcat”…
This is a practical Walkthrough of “Ready” machine from HackTheBox. Credit goes to bertolis for making this machine available to us and base points are 30 for this machine.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Synopsis
“Ready” is an medium difficulty Linux machine that features GitLab on docker environment. The version of running GitLab which has a vulnerability is 11.4.7 Community Edition. There’s two distinct vulnerability exists on this version of GitLab SSRF and CRLF. Combining both vulnerability we can gain initial access on target machine. Then we need to…
This is a practical Walkthrough of “Time” machine from HackTheBox. This machine is marked as medium level. Credit goes to egotisticalSW & felamos for making this machine available to us and base points are 30 for this machine.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Synopsis
“Time” is medium difficulty Linux machine that features Apache server hosting a PHP website. The website homepage is “Online JSON beautifier & validator”. Many websites offer APIs, which will return data in JSON format. Often the JSON provided has white space compressed to reduce the…
This is a practical Walkthrough of “Passage” machine from HackTheBox. This machine is marked as medium level. Credit goes to ChefByzen for making this machine available to us and base points are 30 for this machine.
This walkthrough will be explanatory, because I learned a lot of new things from this machine. So, don’t mind my blabbering.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Enumeration
We will kick off this machine with enumerating using nmap.
This is a practical Walkthrough of “ScriptKiddie” machine from HackTheBox. Although this machine is marked as easy level, but for me it was kinda intermediate level. Credit goes to 0xdf for making this machine available to us and base points are 20 for this machine.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Enumeration
We will kick off this machine with nmap enumeration.
This is a practical Walkthrough of “Delivery” machine from HackTheBox. Although this machine is marked as easy level, but for me it was kinda intermediate level. Credit goes to ippsec for making this machine available to us and base points are 20 for this machine.
This walkthrough will be explanatory, because I learned a lot of new things from this machine. So, don’t mind my blabbering.
Passwords, hashes and Flags will be redacted to encourage you to solve those challenges on your own.
Enumeration
We will kick off this machine with nmap enumeration.
