This is a write-up for the Ypuffy machine on hackthebox.eu which was retired on 2/9/19! Step 1: Enumeration Like usual, let’s start with a quick nmap to see what ports are open: nmap -sC -sV -oA nmap1.txt -Pn 10.10.10.107 First we attempt to browse to port 80 like usual, but we get a “the connection […]
Category: HackTheBox
Hackthebox – SecNotes Writeup
This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1/19/19! Summary Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting. Enumeration As always, our first step is enumeration. We use the following command in nmap […]
Hackthebox – Waldo Writeup
This is a write-up for the Waldo machine on hackthebox.eu which was retired on 12/15/18! Step 1: enumerate! Run an automated scan with this script: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py or something like: nmap -sC -sV -oA /tmp/nmap1.txt -Pn 10.10.10.87 Which should result in something like this: We type in 10.10.10.87 in the browser and this shows up: At […]
Hackthebox – Bounty Writeup
This is a writeup for the Bounty machine on hackthebox.eu which was retired on 10/27/18! We first enumerate ports with: nmap -sC -sV -Pn 10.10.10.93 Port 80 is open so we go to it and it shows a wizard, nice. We look around the site and find that the server is Microsoft-IIS/7.5 but that’s not […]
Hackthebox – DevOops Writeup
This is a writeup for the DevOops machine on hackthebox.eu which was retired on 10/13/18! First, enumerate! Let’s try the custom python enumeration script a friend of ours made: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py The nmap part of the script indicates that: ports 22 and 5000 are open ssh is on 22 and supports publickey and password authentication Server […]
Hackthebox – Sunday Writeup
This is a writeup for the Sunday machine on hackthebox.eu which was retired on 9/29/18! We started with a typical nmap scan: nmap -sC -sV -Pn 10.10.10.76 This results in: We then start a nmap scan on all ports: nmap -p 1-65535 -T4 -A -v --min-rate 1000 --max-retries 5 10.10.10.76 We get two additional ports […]
Hackthebox – Canape Writeup
This is a writeup for the Canape machine on hackthebox.eu which was retired on 9/15/18! First, enumerate! Let’s try the custom python enumeration script a friend of ours made: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py We find that port 80 is open and the page looks something like this: nmap (with command nmap -sC -sV 10.10.10.70) indicated that there was […]
Hackthebox – Poison Writeup
This is a writeup for the Poison machine on hackthebox.eu which was retired on 9/8/18! Enumeration first! We do a standard scan with nmap: nmap -sC -sV -Pn 10.10.10.84 We find ports 22 and 80 open, nice. We go to 10.10.10.84. Nice it actually lists out the files that are there.. don’t even have to […]
Hackthebox – Stratosphere Writeup
This is a writeup for the Stratosphere machine on hackthebox.eu which was retired on 9/1/18! First, enumerate! Let’s try the custom python enumeration script a friend of ours made: https://github.com/vishalb2308/Pentest-Enumeration-Script/blob/master/EnumScript.py This means we run the following 3 commands.. mkdir /root/Desktop/MyScripts mkdir /root/Desktop/MyScripts/Reports python3 EnumScript.py Script suggests ports 22, 80, and 8080 are open. Note: SSH supports […]
Hackthebox – Celestial Writeup
This is a writeup for the Celestial machine on hackthebox.eu! We first enumerate for open ports as usual, with the nmap scan: nmap -sC -sV -Pn 10.10.10.85 Ok… port 3000 is open.. let’s try to browse there: 10.10.10.85:3000 404 is on the page.. hmmm. ctrl+u whoa.. refreshing the page changed it: hey dummy 2+2 is […]