Category: Hack the Box (HTB)

Level: Easy User Flag Nmap scan We find that ports 22 (SSH) and 80 (HTTP) are open. Explore the web application on port 80 Add photobomb.htb to /etc/hosts Authentication Credentials are requested when clicking on “click here” from the home page (http://photobomb.htb/printer). Display the source of the home page (right-click -> View Page Source). View…

This is a walk-through of the Hack the Boo CTF of Hack the Box for Halloween.

Level: Medium User Flag Nmap scan We find that port 445/139 for Samba and 389 for LDAP are open. Enumerate Samba (unauthenticated) Save the user names in a file. users-rpcclient.txt Bruteforce user passwords on LDAP Try username = password. We find credentials: SABatchJobs / SABatchJobs Enumerate Samba (authenticated) Inspect content from all shares Download content…

Vulnerable to return to libc buffer overflow. https://en.wikipedia.org/wiki/Return-to-libc_attack

This is the walk-through of the HTB CyberApocalypse 2021.

Retired machine. User flag only. Scanning Solution for user robisl SVN: http://10.10.10.203:3690/ IMPORTANT Go back to release 2, when a file was added PASSWORD FOUND: User nathen, Password: wendel98 Use the previous credentials to connect to http://devops.worker.htb Generate reverse shell Use a webshell Got a meterpreter session USER FOUND: robisl Port 5985 (from Kali) FLAG:…

Retired machine. Scanning Nothing interesting from nmap scripts, or gobuster (hidden pages). Solution for user low IMPORTANT: sneakycorp.htb MUST BE ADDED IN /etc/hosts Go to http://sneakycorp.htb/team.php and keep note of email addresses. We need a web server to display requests received so we will use Apache already installed on Kali Linux and ModSecurity to audit…