Cybersecurity thoughts and learnings.
This category contains posts, mostly write-ups, relevant to HackTheBox.
Introduction Delivery is an easy, Linux box made by Ippsec and hosted on Hack The Box. Hacking Delivery requires little technical knowledge or reliance on tools, which makes it great for beginners. Hacking in requires: Exploiting logic errors;MySQL enumeration; andHashcat. Enumeration Whilst I started this box with my usual AutoRecon and Nmap scans, I actually … Continue reading Hack The Box: Delivery write-up
Introduction This is a write-up of the Bank box from Hack The Box. Bank is an easy Linux box, and hacking it requires: Text searching and manipulation;MySQL enumeration; andSUID knowledge. Note before - unfortunately this box also requires some guesswork, or assumed knowledge. This is unfortunate as, despite being ranked as an easy box, it … Continue reading Hack The Box: Bank write-up
Irked is an easy Linux box from HackTheBox that requires CVE exploits and a basic understanding of Linux privileges to hack. Enumeration I started this box as I usually do with nmap. Figure 1 - nmap output However when I start a new box I always run two nmap scans. The first is 'sudo nmap … Continue reading Hack The Box: Irked write-up
ServMon is an easy Windows box from HackTheBox. Hacking it requires FTP, SSH (including SSH tunnelling) and a CVE exploit. Whilst it is not too difficult to hack this box, there are a lot of steps so this will be a bit of a longer read. Enumeration Starting as always with nmap. Figure 1 - … Continue reading Hack The Box: ServMon write-up
Devel is an easy Windows machine from HackTheBox. It requires knowledge of FTP and Windows kernel exploits to hack. Enumeration Nmap to start. Figure 1 - nmap output Only ports 80 and 21 were open. Port 21 is obviously FTP and the nmap scan said anonymous access was allowed, so I started there. Figure 2 … Continue reading Hack The Box: Devel write-up
Granny is an easy Windows OS box from HackTheBox. Hacking it required knowledge of HTTP headers and Windows kernel vulnerabilities. Enumeration The first step was running an nmap scan. Figure 1 - nmap output The output showed that only port 80 was open. It also showed the server allowed the PUT header in requests, which … Continue reading Hack The Box: Granny write-up
Grandpa is an easy Windows OS box from HackTheBox. Hacking it required exploiting Microsoft IIS and Windows kernel vulnerabilities. Enumeration The first step was running an nmap scan. Figure 1 - nmap output The scan showed only port 80 was open. I initially tried exploiting the COPY header because of my experience with Granny, but … Continue reading Hack The Box: Grandpa write-up