HackTheBox Writeups

Nmap: Nmap scan report for 10.10.10.169 Host is up (0.024s latency). Not shown: 65511 closed ports PORT STATE SERVICE VERSION 53/tcp open domain? | fingerprint-strings: | DNSVersionBindReqTCP:

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root hash. Example: root:$6$JNnF8uyhyLU8TRvi$START--->

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root hash. Example: root:$6$JNnF8uyhyLU8TRvi$START--->

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root hash. Example: root:$6$JNnF8uyhyLU8TRvi$START--->

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root hash. Example: root:$6$JNnF8uyhyLU8TRvi$START--->

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root hash. Example: root:$6$JNnF8uyhyLU8TRvi$START--->

First start with an Nmap scan Nmap scan report for 10.10.10.162 Host is up, received user-set (0.059s latency). Scanned at 2019-10-26 15:04:48 EDT for

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the NT hash. Example: Administrator:500:aad3c435b514a4eeaad3b935b51304fe:START-->

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root hash. Example: root:$6$JNnF8uyhyLU8TRvi$START--->

First start with an Nmap scan # nmap -sV -sC -T4 -p- 10.10.10.159 Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-19 20:22 EST Nmap scan report

Start with an Nmap scan # nmap -sV -sC -T4 -p- 10.10.10.160 Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-05 18:04 EST Nmap scan report for

This box is still active therefore the writeup is protected. You can download this writeup by clicking here The password is the root flag.

First start with an Nmap scan Starting Nmap 7.70 ( https://nmap.org ) at 2020-03-31 11:32 Pacific Daylight Time Nmap scan report for 10.10.10.171 Host is

Start with an Nmap scan # nmap -sV -sC -T4 -p- 10.10.10.110 Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-07 19:26 EST Nmap scan report for

SummaryUse curl to perform a POST request to reveal a hidden directoryBruteforce the login credentials using bash and a python scriptUse the web interface to execute commands on the System

NMAP: # Nmap 7.80 scan initiated Fri May 8 23:17:40 2020 as: nmap -sC -sV -T4 -p- -oN fullNmap.txt 10.10.10.168 Nmap scan report for

SummaryUse a file upload to upload our reverse shell to the systemExploit a running cronjob that runs a php file every couple minutesUse a file that can be run as

Start off with an Nmap scan # Nmap 7.70 scan initiated Tue Jul 2 13:01:19 2019 as: nmap -sV -sC -T4 10.10.10.115 Nmap scan report

SummaryFind a python interactive console by enumerating the web pageUse the interactive console to add your SSH public key to the authorized_keys file and then SSH inUnshadow the shadow.

SummaryOn FTP, there is a message hinting that I need a source file for the web applicationBy running a gobuster, I can find all the directories and pagesI use the

SummaryAccess an open SMB share to find a full Windows backup fileGrab the SAM hases and crack the passwordmRemoteNG is install and the password is stored inside the configuration fileUse

SummaryUse an old FTP exploit to open a backdoor on the box allowing us to get a Psy php shellGrab a CA key file off the box and a CA

First I start with an Nmap scan # nmap -sV -sC -T4 10.10.10.123 [4/1115] Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-19 09:39 EDT Nmap

SummaryDo some simple HTTP enumeration to find a custom php scriptUse the phpbash.php script grab user and root flagFirst I start with an nmap scan Starting Nmap 7.80

First we start with an nmap scan. # nmap -sC -sV -T4 -p- 10.10.10.48 Starting Nmap 7.80 ( https://nmap.org ) at 2019-09-17 20:17 EDT Nmap scan