writeup
-
Read more: Runner – Hack The Box – @lautarovculic
User.txt First we will discover the open ports with nmap sudo nmap -sS -sU –min-rate 5000 -n -Pn -T4 -vv 10.10.11.13 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu) 8000/tcp open nagios-nsca syn-ack ttl…
-
Read more: Usage – Hack The Box – @lautarovculic
User.txt Will discover open ports with nmap sudo nmap -sS -sV –min-rate 5000 -n -Pn -T4 -vv 10.10.11.18 Output PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu) Inspectin the webserver in the port 80, we…
-
Read more: IClean – Hack The Box – @lautarovculic
User.txt First, we will discover which ports are open. sudo nmap -sS –min-rate 5000 -n -Pn -T4 -vv -sV 10.10.11.12 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 ((Ubuntu)) If we go to clean.htb…
-
Read more: Oauthbreaker – Hacker101 CTF – @lautarovculic
Difficulty: Moderate Skills: Android Flags: 2 Flag 1/2 The first thing that we need to do is download the .APK file and decompile with apktool ☝️🤓 apktool d oauth.apk And for recon, I’ll run MobSF and jadx-gui The target SDK is 28, then I will use my Android 9.0 with Genymotion. Install the .APK with…
-
Read more: Intentional Exercise – Hacker101 CTF – @lautarovculic
Difficulty: Moderate Skills: Android Flags: 1 Flag 1/1 First, we need wait until the APK is building. Download the .APK file. Decompile the .APK with apktool apktool d level13.apk The target SDK is 28 (Android 9.0). Then, install the APK with ADB to our Android Device, I use Genymotion. adb install level13.apk Open the app…
-
Read more: Codify – Hack The Box – @lautarovculic
User.txt Add the machine IP to /etc/hosts file Now it’s nmap time sudo nmap -sS –min-rate 5000 -n -Pn -T4 -vv 10.10.11.239 PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 Apache httpd 2.4.52 3000/tcp open http syn-ack ttl…
-
Read more: Analytics – Hack The Box – @lautarovculic
User.txt First we will configure the /etc/hosts file to be able to work. It’s time to see what the nmap scan says. We have port 22 and 80 open. Let’s take a look at what’s on the website. It seems that, as in most machines, the IP addresses the name, in this case, it redirects…
-
Read more: CozyHosting – Hack The Box – @lautarovculic
User.txt First, as usual, let’s configure our /etc/hosts file with the IP linked to the domain cozyhosting.htb After that, let’s do the recon scan with nmap. On port 80, we find the web page, which has a login. Let’s do a scan with dirb to find other directories and possible entry points. And we find…
-
Read more: Visual – Hack The Box – @lautarovculic
User.txt We note that the only open port is 80:HTTP After configuring as usual the /etc/hosts file, let’s take a look at the content of the web page, underneath, we find a functionality; which as it indicates, we can send a repository. But first, take a close look at the following message: Basically, a Git…
-
Read more: Keeper – Hack The Box – @lautarovculic
User.txt First we are going to configure the /etc/hosts file According to nmap, we have port 22 and 80 open. We see that keeper.htb redirects us to another page with a subdomain, we will also add it to /etc/hosts to be able to reach it. I tried enumerating with dirb, but to no avail. I…