Hack The Box

(HTB) - BroScience

BroScience is a Medium Difficulty Linux machine that features a web application vulnerable to LFI. Through the ability to read arbitrary files on the target, the attacker gains an insight into how ...

(HTB) - Mentor

Enumeration NMAP Nmap scan report for mentorquotes.htb (10.129.213.168) Host is up (0.083s latency). Not shown: 4992 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp ...

(HTB) - Ambassador

Enumeration NMAP Nmap scan report for 10.10.11.183 Host is up (0.033s latency). Not shown: 996 closed tcp ports (conn-refused) PORT STATE SERVICE 22/tcp open ssh | ssh-hostkey: | 3072 29d...

(HTB) - Awkward

Enumeration NMAP Nmap scan report for 10.129.45.168 Host is up (0.045s latency). Not shown: 65514 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh Ope...

(HTB) - Photobomb

Photobomb is an easy Linux box where we have to enumerate a web application, achieving OS command injection. For privilege escalation, there is a vulnerable script which uses a relative path which we c...

(HTB) - Forgot

Forgot is an intermediate box which starts with a few basic web application misconfigurations. The box runs a vulnerable TensorFlow Python package in a script which is run as sudo/root. Enumeration NMAP Nma...

(HTB) - Script Kiddie

Script Kiddie is an easy box where we first have to exploit a vulnerable MSFvenom template ENUMERATION NMAP EXPLOITATION Using metasploit kid@scriptkiddie:~/html$ id id uid=1000(kid) gid=1...

(HTB) - Academy

Academy is a new product from Hack The Box, and this box gives a preview of it. This box, however, unlike the real HTB Academy, has been made vulnerable. ENUMERATION NMAP Let’s start NMAP 22/tcp open...

(HTB) - Reel2

Reel2 is an awesome Windows machine which requires phishing, password spraying, cracking. After having shell access, there is JEA implemented which makes things harder, but it’s nice to get introdu...

(HTB) - Luanne

Luanne is an easy NetBSD box, which starts with command injection. Privilege escalation is done by enumerating backups and decrypting them. ENUMERATION NMAP Nmap scan report for 10.10.10.218 Host is up ...

(HTB) - StreamIO

StreamIO is a medium Windows box. It’s all about enumeration at the start, finding SQL injection, Local and Remote File Inclusion. We have to keep track of passwords at all times. Last privilege Es...

Bucket

Bucket is a medium-rated Linux box, which is mostly about exploiting common bucket misconfigurations. Bucket is based on AWS technology (DynamoDB, S3). ENUMERATION NMAP Let’s start NMAP: Nmap scan repo...

(HTB) - Time

**Time is a very straightforward box, which just needs to be enumerated very precisely. It starts with a Java CVE and ends with ** ENUMERATION NMAP Let’s start with NMAP scan: Nmap scan report for 1...

(HTB) - Tenet

Tenet is a medium-rated Linux box. It’s all about deserialization and exploiting a race condition at the system level. ENUMERATION NMAP Nmap scan report for 10.10.10.223 Host is up (0.036s latency). No...

Sharp

Sharp is an interesting Windows box which has primarily to do with reversing a C# or .NET binary. Privilege escalation is all about Windows Communication Foundation (WCF). ENUMERATION NMAP Let’s s...

Ready

Ready is an easy box based on Linux. It starts with a vulnerable GitLab version and ends with escaping a Docker container. ENUMERATION NMAP Let’s start nmap scan: luka@kali:~/htb/ready$ nmap -sC -sV ...

Anubis

Anubis is a Windows box which introduces an SSTI/XSS vulnerability for the initial foothold in Docker, followed by a Jamovi CVE and exploiting AD CS. Enumeration NMAP NMAP will be run on all ports: Nmap scan r...

Driver

Driver is a Windows box which introduces a common vulnerability/configuration that may be exploited by attackers. In particular, it’s about an SCF file. Enumeration NMAP Nmap scan report for 10.10.11.106 Ho...

Worker

Worker - Easy Box running on Linux. Enumeration through SVN. DevOps on Azure! :) ENUMERATION NMAP Let’s start NMAP first: Nmap scan report for 10.10.10.203 Host is up (0.034s latency). Not shown: 9...

LogForge

LogForge is a Linux box which introduces the Log4j vulnerability. Enumeration NMAP luka@kali:~/htb/logforge/nmap$ nmap -sC -sV -oA nmap 10.10.11.138 Starting Nmap 7.92 ( https://nmap.org ) at 2021-12-24 ...

Bitlab

Bitlab - Medium Box running on Linux. GitLab // x32dbg // Debugging / PostGre // git pull // JavaScript ENUMERATION NMAP So,… let’s first start NMAP: Nmap scan report for 10.10.10.114 Host is up...

Jewel

Jewel is a medium Windows box. Its main part is Source Code Review. ENUMERATION NMAP Let’s start NMAP: Nmap scan report for 10.10.10.211 Host is up (0.040s latency). Not shown: 997 filtere...

JSON

Doctor is a medium Windows box. It’s all about Deserialization and Reversing ENUMERATION NMAP Let’s start NMAP: Nmap scan report for 10.10.10.158 Host is up (0.038s latency). Not shown: 988 clos...

Doctor

Doctor is an easy Linux box where we need to exploit a web app using Command Injection and Path Traversal. ENUMERATION NMAP Nmap scan report for 10.10.10.209 Host is up (0.040s latency). Not shown: 997 f...