Category: Write-Ups
-
Bolt – HackTheBox
Bolt is a Medium level machine on HTB that was recently retired. Nmap scan: Enumeration: Port 80 – HTTP There’s a pretty basic website with not many obvious paths, but I was able to download a copy of the docker file that is presumably being used to run the webserver, so saving that for now,…
-
Nineveh – HackTheBox
Nineveh is a medium-ranked box on HTB that happens to be on TJNull’s list of boxes to try for extra OSCP practice. Scanning Enumerating HTTP Port 80 Gobuster revealed an info page. Cool. I had to run another gobuster scan with a more thorough list to uncover another hidden directory. Found this in the page…
-
Blueprint – TryHackMe
Started off with my usual nmap scan: Looks like a Windows server. I went ahead and ran a basic gobuster scan against both 80 and 8080. Nothing doing at port 80 but there was something interesting at 8080: The catalog itself led to a messed up default page for this osCommerce app, so with the…
-
RazorBlack – TryHackMe
This was a pretty neat little box for learning a little about AD exploits. Note that I had to reset it several times as the network kept timing out, especially when interacting over Evil-WinRM, which is why the IP changes so many times. I started out with my typical nmap scan: That’s a lot of…
-
Driver – HackTheBox
Started by running my standard nmap scan: So there’s an SMB server running and a web server. I couldn’t access the SMB server so I checked out the site and ran a gobuster scan in the meantime. I am presented with a login screen, so I go back to look at my nmap scan and…
-
Bounty Hunter – HackTheBox
Started out with my standard nmap scan: So SSH and port 80 are open, so I’ll just go check out that web server. Within it there’s a directory that looks like it leads to a db search: I captured some test data from this in Burp: So I notice a couple things. One is that…
-
Cap – HackTheBox
Sometimes the so-called easy boxes can prove to be the trickiest even though, once the vectors are found, they were quite easy after all. Such is the case for this box. I booted up and launched my nmap scan with some immediate results: FTP, SSH, HTTP server all running. I skipped over FTP for now…
-
LFI – TryHackMe
Link to the THM room I ignored scanning on this machine because I knew we were in the LFI room. If the IP had not returned a valid site though, I would have run a scan to determine the port where the web server was running. Once the IP was up, I checked out the…