Tabby is an easy Linux based machine from Hackthebox. The initial foothold to this box is obtained by Tomcat Manager app exploit and an LFI. Gaining user access requires a decent amount of enumeration. Root access obtained by exploiting the LXC. In this blog I have tried to separate each process Enumeration 2. Initial foothold 3. Lateral movement 4. Privilage ...

From the quick nmap scan I saw that two ports were open SSH and http By browsing into the port 80, I get to know that litecart is during by running gobuster I found /backup directory From there I got a tar file. I downloaded it my local machine From the file at shop/admin/login.php from the tar file I got ...

Lets get statrted by viewing the nmap results We can see that port 80 is running with a web server. Gobuster was failing continuously and I decided to take a peek in the official discussion forum. So I confirmed that was not an issue. So I continued inspecting the page and in the bottom side of the page it is ...

Remote is an easy windows machine from Hack the box. Lets get started with the result nmap scan At port 80 there was a http server running When I naviagated through the pages I found some names which could be potential usernames I thought of brute forcing these usernames on smb service In parallel I also initiated gobuster and got ...

Information Gathering As usual lets start with the nmap scan From the above image I saw that the port 80 is open. In parallel I also triggered a wfuzz for subdomains Later, When I tried to access port 80, the browser was redirected to sneakycorp.htb. I added this to the hosts file and tried accessing it on the browser. I ...

Initial Nmap scan When I tried access port 80, it got redirected to fuse.fabricorp.local. After adding it to my /etc/hosts file I got the below page I downloaded each CSV file and found something interesting I found below usernames pmerton tlavel sthompson bhult I tried smbclient anonymous login allowed, but nothing there was found. I created a list of passwords ...

Blackfield is very well built AD machine. This machine will give the oppurtunity to learn about many different services used in AD. Let’s start with nmap scan After this i tried enumerating with enum4linux and smbclient. Smbclient is a tool used to access SMB resources on a server, much like an FTP client is used to access files. It offers a simple ...

Started with nmap scan nmap –sS –sV –T4 10.10.10.200 First I tried access the http port but nothing was rendering there. The port 873 is enabled here,rsync is a utility for efficiently transferring and synchronizing files between a computer and an external hard drive and across networked computers by comparing the modification times and sizes of files(souce google.com) rsync -v ...

Cascade is a Windows machine that just got retired. This had got an active directory which we will try to penetrate in and get the admin privilege. Let’s begin with the nmap scan sudo nmap -sS -sV 10.10.10.182 After doing the map enumeration, I decided to try LDAP enumeration using ldapsearch ldapsearch -x -b “dc=CASCADE, dc=local” -h 10.10.10.182 From this ...