Category: HackTheBox Walkthrough

Bashed – 10.10.10.68 Target Enumeration: OS: Linux IP: 10.10.10.68 User: 2c281f318555dbc1b856957c7147bfc1 Root: cc4f0afe3a1026d402ba10329674a8e2 Ports / Services / Software Versions Running 80/tcp open http Apache httpd 2.4.18 ((Ubuntu)) Vulnerability Exploited: Externally accessible php script which allows remote code execution. Privilege Escalation. Writable python file running as root. Exploiting the host: Nmap Dirb found /dev/ which was…

Bank – 10.10.10.29 Target Enumeration: OS: Linux IP: 10.10.10.29 User: 37c97f8609f361848d8872098b0721c3 Root: d5be56adc67b488f81a4b9de30c8a68e Ports / Services / Software Versions Running 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.8 (Ubuntu Linux; protocol 2.0) 53/tcp open domain 80/tcp open http Apache httpd 2.4.7 ((Ubuntu)) Vulnerability Exploited: Plaintext password stored unencrypted within .acc file Web application allows users to…

Arctic 10.10.10.11 Target Enumeration: OS: Windows 2008 IP: 10.10.10.11 User: 02650d3a69a70780c302e146a6cb96f3 Root: ce65ceee66b2b5ebaff07e50508ffb90 Ports / Services / Software Versions Running 135/tcp open msrpc Microsoft Windows RPC8500/tcp open http JRun Web Server49154/tcp open msrpc Microsoft Windows RPC Vulnerability Exploited: ColdFusion 8.0.1 Arbitrary File Upload and Execute This module exploits the Adobe ColdFusion 8.0.1 FCKeditor ‘CurrentFolder’ File…

Aragog – 10.10.10.78 Target Enumeration: OS: Linux IP: 10.10.10.78 User: f43bdfbcfd3f2a955a7b67c7a6e21359 Root: 9a9da52d7aad358699a96a5754595de6 Vulnerability Exploited: External Entity Injection to read passwd file and grab id_rsa keys. Privilege Escalation: Root user logs into the application with plaintext credentials, modifying the wp-login.php page to dump passwords to disk reveals a root password. Exploiting the host: Nmap Dirbuster…

Active – 10.10.10.100 Target Enumeration: OS: Windows IP: 10.10.10.100 User: 86d67d8ba232bb6a254aa4d10159e983 Root: b5fc76d1d6b91d77b2fbf2d54d0f708b Ports / Services / Software Versions Running 53/tcp open domain Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1) 88/tcp open kerberos-sec Microsoft Windows Kerberos (server time: 2018-12-17 17:16:59Z) 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn Microsoft Windows netbios-ssn 389/tcp…

Access – 10.10.10.98 Target Enumeration: OS: Windows IP: 10.10.10.98 User: ff1f3b48913b213a31ff6756d2553d38 Root: 6e1586cc7ab230a8d297e8f933d904cf Ports / Services / Software Versions Running FTP Telnet HTTP Vulnerability Exploited: Anonymous ftp access allows you to download a mdb file which once reviewed gives you a password for the zip file. Once zip file is extracted there is a telnet…