hackthebox
-
Read more: Freelancer – Hack The Box – @lautarovculicUser.txt Let’s discover what open ports are in the target sudo nmap -sV -p- -Pn -vv -T4 10.129.69.11 Output: PORT STATE SERVICE REASON VERSION 53/tcp open domain syn-ack ttl 127 Simple DNS Plus 80/tcp open http syn-ack ttl 127 nginx 1.25.5 88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2024-06-02 01:14:36Z) 135/tcp…
-
Read more: Explore – Hack The Box – @lautarovculicUser.txt Let’s check the open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.10.247 Output: PORT STATE SERVICE REASON VERSION 2222/tcp open ssh syn-ack ttl 63 Banana Studio SSH server app (net.xnano.android.sshserver.tv) (protocol 2.0) 5555/tcp filtered freeciv no-response 46243/tcp open unknown syn-ack ttl 63 59777/tcp open http syn-ack ttl 63 Bukkit JSONAPI httpd…
-
Read more: APKrypt – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: Can you get the ticket without the VIP code? Download the zip file and extract with the hackthebox password. There are a README.txt file that say Install this application in an API Level 29 or earlier (i.e. Android 10.0 (Google APIs)). Decompile the apk with apktool apktool d…
-
Read more: Anchored – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to check if I can intercept the https request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept…
-
Read more: Manager – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to perform security assessment on this password management application. Can you help me? Download, and extract the .zip file with the password hackthebox, and, Start the Instance. In my case is: 94.237.54.233:56388 There are a README.txt file that say Install this application in an…
-
Read more: Pinned – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you help bypass this security restriction and intercept the password in plaintext? Download the .zip file…
-
Read more: Don’t Overreact – Hack The Box – @lautarovculicDifficult: Very Easy Category: Mobile OS: Android (SDK 29) Description: Some web developers wrote this fancy new app! It’s really cool, isn’t it? Download the .zip file and extract with hackthebox password. Let’s decompile the apk file with apktool apktool d app-release.apk We can see that the SDK is 29, then we can use Android…
-
Read more: BoardLight – Hack The Box – @lautarovculicUser.txt First, we need know the ports and services that are present in the target sudo nmap -sV -p- -Pn -vv -T4 10.10.11.11 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.2p1 Ubuntu 4ubuntu0.11 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.41 ((Ubuntu)) Add boardlight.htb…
-
Read more: Investigator – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: In one of the mobile forensics investigations we encountered, our agent gave us these files and told us that their owner using one password for almost everything. Can you extract the flag from the secret messages? Download the .zip file and extract the content with the hackthebox password.…
-
Read more: Waiting – Hack The Box – @lautarovculicDifficult: Medium Category: Mobile OS: Android Description: The app stores a secret and says it is stored securely even in case the application has been tampered. Are you able to retrieve it? As always, download the .zip file and extrat with hackthebox as password. Decompile with apktool apktool d app-release.apk The SDK is 31, then…