writeup
-
Read more: Axlle – Hack The Box – @lautarovculicUser.txt First we need search for open ports in the machine sudo nmap -sV -p- -Pn -vv -T4 10.129.78.149 Output: PORT STATE SERVICE REASON VERSION 25/tcp open smtp syn-ack ttl 127 hMailServer smtpd 53/tcp open domain syn-ack ttl 127 Simple DNS Plus 80/tcp open http syn-ack ttl 127 Microsoft IIS httpd 10.0 88/tcp open kerberos-sec…
-
Read more: Editorial – Hack The Box – @lautarovculicUser.txt Let’s discover what open ports are here with nmap sudo nmap -sV -p- -Pn -vv -T4 10.129.75.79 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.9p1 Ubuntu 3ubuntu0.7 (Ubuntu Linux; protocol 2.0) 80/tcp open http syn-ack ttl 63 nginx 1.18.0 (Ubuntu) Add the editorial.htb and tiempoarriba.htb to our /etc/hosts…
-
Read more: Blurry – Hack The Box – @lautarovculicUser.txt First, let’s discover the open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 10.129.71.205 Output: PORT STATE SERVICE REASON VERSION 22/tcp open ssh syn-ack ttl 63 OpenSSH 8.4p1 Debian 5+deb11u3 (protocol 2.0) 80/tcp open http syn-ack ttl 63 nginx 1.18.0 Let’s add blurry host to our /etc/hosts file sudo echo “10.129.71.205 blurry.htb”…
-
Read more: Joker – Hack The Box – @lautarovculicDifficult: Hard Category: Mobile OS: Android Description: The malware reverse engineering team got an alert about malware which is still published on Google’s PlayStore and has thousands of installs. Can you help them to identify the address of the command and control server in order to blacklist it ? Download and extract the .zip file…
-
Read more: Freelancer – Hack The Box – @lautarovculicUser.txt Let’s discover what open ports are in the target sudo nmap -sV -p- -Pn -vv -T4 10.129.69.11 Output: PORT STATE SERVICE REASON VERSION 53/tcp open domain syn-ack ttl 127 Simple DNS Plus 80/tcp open http syn-ack ttl 127 nginx 1.25.5 88/tcp open kerberos-sec syn-ack ttl 127 Microsoft Windows Kerberos (server time: 2024-06-02 01:14:36Z) 135/tcp…
-
Read more: Explore – Hack The Box – @lautarovculicUser.txt Let’s check the open ports with nmap sudo nmap -sV -p- -Pn -vv -T4 10.10.10.247 Output: PORT STATE SERVICE REASON VERSION 2222/tcp open ssh syn-ack ttl 63 Banana Studio SSH server app (net.xnano.android.sshserver.tv) (protocol 2.0) 5555/tcp filtered freeciv no-response 46243/tcp open unknown syn-ack ttl 63 59777/tcp open http syn-ack ttl 63 Bukkit JSONAPI httpd…
-
Read more: APKrypt – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: Can you get the ticket without the VIP code? Download the zip file and extract with the hackthebox password. There are a README.txt file that say Install this application in an API Level 29 or earlier (i.e. Android 10.0 (Google APIs)). Decompile the apk with apktool apktool d…
-
Read more: Anchored – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to check if I can intercept the https request and get the value of the secret parameter that is passed along with the user’s email. The application is intended to run in a non-rooted device. Can you help me find a way to intercept…
-
Read more: Manager – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: A client asked me to perform security assessment on this password management application. Can you help me? Download, and extract the .zip file with the password hackthebox, and, Start the Instance. In my case is: 94.237.54.233:56388 There are a README.txt file that say Install this application in an…
-
Read more: Pinned – Hack The Box – @lautarovculicDifficult: Easy Category: Mobile OS: Android Description: This app has stored my credentials and I can only login automatically. I tried to intercept the login request and restore my password, but this seems to be a secure connection. Can you help bypass this security restriction and intercept the password in plaintext? Download the .zip file…