Sau is an "easy" box from Hack The Box that requires chaining together multiple vulnerabilities to gain access. Enumeration I ran a full port scan and found port 55555 open, and ports 80 and 8338 filtered. Port 55555 was running an app called Request Baskets, version 1.2.1. I used SearchSploit to find an exploit. searchsploit … Continue reading Hack The Box: Sau write-up
Tag: htb
Hack The Box: Delivery write-up
Introduction Delivery is an easy, Linux box made by Ippsec and hosted on Hack The Box. Hacking Delivery requires little technical knowledge or reliance on tools, which makes it great for beginners. Hacking in requires: Exploiting logic errors;MySQL enumeration; andHashcat. Enumeration Whilst I started this box with my usual AutoRecon and Nmap scans, I actually … Continue reading Hack The Box: Delivery write-up
Hack The Box: Bank write-up
Introduction This is a write-up of the Bank box from Hack The Box. Bank is an easy Linux box, and hacking it requires: Text searching and manipulation;MySQL enumeration; andSUID knowledge. Note before - unfortunately this box also requires some guesswork, or assumed knowledge. This is unfortunate as, despite being ranked as an easy box, it … Continue reading Hack The Box: Bank write-up
Hack The Box: Irked write-up
Irked is an easy Linux box from HackTheBox that requires CVE exploits and a basic understanding of Linux privileges to hack. Enumeration I started this box as I usually do with nmap. Figure 1 - nmap output However when I start a new box I always run two nmap scans. The first is 'sudo nmap … Continue reading Hack The Box: Irked write-up
Hack The Box: ServMon write-up
ServMon is an easy Windows box from HackTheBox. Hacking it requires FTP, SSH (including SSH tunnelling) and a CVE exploit. Whilst it is not too difficult to hack this box, there are a lot of steps so this will be a bit of a longer read. Enumeration Starting as always with nmap. Figure 1 - … Continue reading Hack The Box: ServMon write-up
Hack The Box: Devel write-up
Devel is an easy Windows machine from HackTheBox. It requires knowledge of FTP and Windows kernel exploits to hack. Enumeration Nmap to start. Figure 1 - nmap output Only ports 80 and 21 were open. Port 21 is obviously FTP and the nmap scan said anonymous access was allowed, so I started there. Figure 2 … Continue reading Hack The Box: Devel write-up
Hack The Box: Granny write-up
Granny is an easy Windows OS box from HackTheBox. Hacking it required knowledge of HTTP headers and Windows kernel vulnerabilities. Enumeration The first step was running an nmap scan. Figure 1 - nmap output The output showed that only port 80 was open. It also showed the server allowed the PUT header in requests, which … Continue reading Hack The Box: Granny write-up
Hack The Box: Grandpa write-up
Grandpa is an easy Windows OS box from HackTheBox. Hacking it required exploiting Microsoft IIS and Windows kernel vulnerabilities. Enumeration The first step was running an nmap scan. Figure 1 - nmap output The scan showed only port 80 was open. I initially tried exploiting the COPY header because of my experience with Granny, but … Continue reading Hack The Box: Grandpa write-up