Hackthebox - SecNotes Writeup - Zinea InfoSec Blog

1.0Zinea InfoSec Bloghttps://zineausa.com/blogZineahttps://zineausa.com/blog/author/serialenabler/Hackthebox - SecNotes Writeup - Zinea InfoSec Blogrich600338<blockquote class="wp-embedded-content" data-secret="NtIlrbkpFG"><a href="https://zineausa.com/blog/2019/01/hackthebox-secnotes-writeup/">Hackthebox – SecNotes Writeup</a></blockquote><iframe sandbox="allow-scripts" security="restricted" src="https://zineausa.com/blog/2019/01/hackthebox-secnotes-writeup/embed/#?secret=NtIlrbkpFG" width="600" height="338" title="“Hackthebox – SecNotes Writeup” — Zinea InfoSec Blog" data-secret="NtIlrbkpFG" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" class="wp-embedded-content"></iframe><script type="text/javascript"> /* <![CDATA[ */ /*! This file is auto-generated */ !function(d,l){"use strict";l.querySelector&&d.addEventListener&&"undefined"!=typeof URL&&(d.wp=d.wp||{},d.wp.receiveEmbedMessage||(d.wp.receiveEmbedMessage=function(e){var t=e.data;if((t||t.secret||t.message||t.value)&&!/[^a-zA-Z0-9]/.test(t.secret)){for(var s,r,n,a=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),o=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),c=new RegExp("^https?:$","i"),i=0;i<o.length;i++)o[i].style.display="none";for(i=0;i<a.length;i++)s=a[i],e.source===s.contentWindow&&(s.removeAttribute("style"),"height"===t.message?(1e3<(r=parseInt(t.value,10))?r=1e3:~~r<200&&(r=200),s.height=r):"link"===t.message&&(r=new URL(s.getAttribute("src")),n=new URL(t.value),c.test(n.protocol))&&n.host===r.host&&l.activeElement===s&&(d.top.location.href=t.value))}},d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",function(){for(var e,t,s=l.querySelectorAll("iframe.wp-embedded-content"),r=0;r<s.length;r++)(t=(e=s[r]).getAttribute("data-secret"))||(t=Math.random().toString(36).substring(2,12),e.src+="#?secret="+t,e.setAttribute("data-secret",t)),e.contentWindow.postMessage({message:"ready",secret:t},"*")},!1)))}(window,document); //# sourceURL=https://zineausa.com/blog/wp-includes/js/wp-embed.min.js /* ]]> */ </script> https://zineausa.com/blog/wp-content/uploads/2019/01/1_luv67Hf76w4riMMRoSuRpg.png1192758This is a write-up for the Secnotes machine on hackthebox.eu which was retired on 1/19/19! Summary Secnotes is a medium difficulty Windows machine which will help you practice some basic SQL injection, explore SMBclient, and use some simple php scripting. Enumeration As always, our first step is enumeration. We use the following command in nmap […]