Hack the box walkthrough

  Concepts Learnt : 1. Enumeration 2. Snap privilege escalation 3. Drupal exploit (metasploit) 4. python2 Steps to Enumerate : Run an Nmap Scan to find all the open ports! Command : nmap 10.10.10.233 -A 10.10.10.233  IP of the Server -A  This options makes  Nmap  make an effort in identifying the target OS,services and the versions. It also does traceroute and applies NSE scripts to detect additional information. -vv  Defines level 2 verbosity for the scan We see that there are 4 ports open : 22/tcp- SSH port 80/tcp- HTTP port 2021/tcp — Servexec(filtered) 7435/tcp — unknown(filtered) Lets   check the http site on port 80: A simple website with User Login! Lets try the simple admin:password combination to check! Doesn’t work! Checking the page source, we can see that is Drupal version 7 Let’s check if we can work a way around the login page! Exploring, I found that Drupal 7 can be exploited using Metasploit! Command : msfconsole Command : search drupal...

  Hack The Box- Spectra Walkthrough Concepts Learnt : Enumeration 2. Database misconfiguration 3. Wordpress admin upload(metasploit) 4. Linux file system(Initctl) Steps to Enumerate : Run an Nmap Scan to find all the open ports! Command : nmap 10.10.10.229 -A 10.10.10.229  IP of the Server -A  This options makes  Nmap  make an effort in identifying the target OS,services and the versions. It also does traceroute and applies NSE scripts to detect additional information. -vv  Defines level 2 verbosity for the scan We see that there are 3 ports open : 22/tcp- SSH port 80/tcp- HTTP port 3306/tcp — MySQL port Lets ch e ck the http site on port 80: A simple site with 2 links to the tracker site and Test, but we cannot load the site We see a domain attached spectra.htb to these links, lets add it to the /etc/hosts folder. Command : sudo nano etc/hosts And add the following line 10.10.10.229 spectra.htb Now lets load the pages Software issue tracker page is just a ...