Author: usafitz

Status Report 20210801

So it’s been a couple of months now, and I’m feeling great about everything I’ve accomplished. I started out going after every challenge I could find, and for the most part I succeeded.

Shortly into my journey, I realized that I would learn much more effectively if I separated the tasks. I have been at the learning game my entire life, always seeking more knowledge about everything I do, and I’ve learned a few things about how learning is best accomplished.

For learning more about hacking, the easy button would be to pwn each box from start to finish: do the scans, find the foot-hold, get in, then escalate privileges based on further enumeration. That, however, is not the right answer if you want to get the maximum learning out of each task! Therefore I separated my learning into compartments that yield a much greater result.

Continue Reading

HTB – Haircut – FH: Curl

The only open ports on the Haircut box were 22 and 80. Since SSH rarely offers an attack vector without valid credentials, port 80 is the natural place to start. So I visited the site.

Continue Reading

HTB – Sneaky – FH: SQLI

Foot-hold: SQL Injection

This box is going to make me do some learning! The scans were extremely basic and revealed hardly anything: Nmap showed only port 80, and gobuster found a directory called /dev. Those two things could easily be put together to hint at the way forward.

Continue Reading

HTB – October – FH: File Upload

Foot-hold: File upload after logging in

On October, only ports 22 and 80 were open, so the obvious move was to check the website and see what was up.

Continue Reading

HTB – Cronos – FH: DNS, then SQL Injection

Foot-hold: DNS, then SQL Injection

Nmap showed a few ports: HTTP, DNS, and SSH.
I wanted to check for any exploits for Apache. It turns out that a lot of Hack The Box machines run the same Apache build, so I’ve seen this dance before. I can confirm that I can GET, POST, etc. to the Apache server, but I haven’t been able to exploit it so far. A Google search for Apache 2.4.18 revealed an attack called Optionsbleed that I’ve seen before.
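Optionsbleed (CVE-2017-9798) is a use-after-free in Apache httpd that shows up as garbage in the Allow header of OPTIONS responses, so “what methods does the server advertise” is exactly the right thing to be looking at. The script below is an added example, not the blog author’s code: it sends repeated OPTIONS requests and flags Allow headers that contain tokens which cannot be HTTP methods, or methods listed twice. The target URL is a placeholder, and the sample headers in the test are constructed.

```python
"""Added example: check an Apache server's OPTIONS responses for Optionsbleed-style
Allow-header corruption. Not the blog author's code; the target URL is a placeholder."""
import re
import sys
from urllib.error import HTTPError, URLError
from urllib.request import Request, urlopen

# Methods a sane Allow header might legitimately advertise (RFC 7231 plus WebDAV).
KNOWN_METHODS = {
    "GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE", "PATCH",
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK", "REPORT", "MERGE",
}
# A well-formed method token: upper-case letters, then letters, digits, '-' or '_'.
TOKEN_RE = re.compile(r"^[A-Z][A-Z0-9_-]*$")


def classify_allow(header):
    """Split an Allow header and sort its entries into three buckets:
    leaked  - tokens that cannot be HTTP methods (empty, lower-case, binary junk),
              which is what Optionsbleed's memory disclosure looks like,
    unknown - well-formed tokens that are not standard methods (custom handlers, worth a look),
    dupes   - methods listed more than once, another artefact of a corrupted header."""
    if not header:
        return [], [], []
    leaked, unknown, dupes, seen = [], [], [], set()
    for tok in (t.strip() for t in header.split(",")):
        if not TOKEN_RE.match(tok):
            leaked.append(tok)
            continue
        if tok in seen and tok not in dupes:
            dupes.append(tok)
        seen.add(tok)
        if tok not in KNOWN_METHODS:
            unknown.append(tok)
    return leaked, unknown, dupes


def fetch_allow(url, timeout=5):
    """Send one OPTIONS request and return the raw Allow header ('' if absent)."""
    req = Request(url, method="OPTIONS")
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.headers.get("Allow", "")
    except HTTPError as err:  # 4xx/5xx responses still carry headers
        return err.headers.get("Allow", "")


def probe(url, attempts=30):
    """Repeat the OPTIONS request: the leak is non-deterministic, so one clean
    response proves nothing. Returns every Allow header that looked corrupted."""
    bad = []
    for _ in range(attempts):
        allow = fetch_allow(url)
        leaked, _unknown, dupes = classify_allow(allow)
        if leaked or dupes:
            bad.append(allow)
    return bad


if __name__ == "__main__":
    # Placeholder target (assumption, not from the post); pass the real URL as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "http://target.example/"
    try:
        hits = probe(target)
    except URLError as err:
        sys.exit(f"request failed: {err}")
    print(f"{len(hits)} suspicious Allow header(s)")
    for h in hits:
        print(repr(h))
```

Two caveats a practitioner should keep in mind: the bug only triggers when some .htaccess on the server uses a `Limit` directive with an invalid method, so a clean probe against a vulnerable build is not proof of safety; and a well-formed but non-standard token (the “unknown” bucket) is usually a custom handler rather than a leak, so it is reported separately instead of being treated as a finding.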

Continue Reading

OSCP Practice References

This was interesting… someone made a list of all the boxes that are good practice for the Offensive Security Certified Professional (OSCP) exam. That’s the one I’m aiming for.

I will make a note of this now and use it whenever appropriate.


HTB – Bastard – FH: Drupalgeddon2

Foot-hold: Remote Code Execution with Drupalgeddon2

Nmap showed a few ports open, but it was obvious that the website was the target for this box. The site is a Drupal install.

Continue Reading

HTB – Optimum – FH: RCE

Foot-hold: Remote Code Execution, through Metasploit

This Optimum box took all of about 15 seconds after I discovered the service that was running. It’s at the bottom of the screenshot.

Continue Reading

HTB – Beep – FH: LFI

Foot-hold: Local File Inclusion

For the Beep box, Nmap found several open ports. Some looked like mail services, others like MySQL and other things, so I explored each of them.

Port 80 redirects to https://10.10.10.7/, where I found a login page…

Continue Reading