HTB

This post is a walkthrough of the Hack The Box (Originally VulnLab Box) room Retro Hack The Box: Retro – Exploiting Weak Credentials, Pre-Created Computer Accounts, and Certificate Vulnerabilities Retro is an Easy-rated Windows machine from VulnLabs that offers a fantastic introduction to Active Directory (AD) exploitation, covering weak credential hygiene, pre-created computer account abuse, and certificate template vulnerabilities. The attack path begins with anonymous LDAP enumeration, revealing a list of domain users through a RID brute-force attack using the default guest account. A simple password spray attack with usernames as passwords yields valid credentials, granting access to network shares. Among these shares, a seemingly innocuous ToDo.txt file provides a critical clue—mentioning outdated finance software and pre-created computer accounts in the domain. ...

This post is a walkthrough of the Hack The Box (Originally VulnLab Box) room Down Intro Down is an easy Linux box created originally for Vulnlabs. Hack The Box recently acquired Vulnlabs and are sarting make available the machines. You will need a HTB VIP+ account to access these boxes. From SSRF to Root: A Step-by-Step Breakdown of a Web App Exploitation Chain In this penetration testing engagement, we began by discovering a Server-Side Request Forgery (SSRF) vulnerability, which led us to a Local File Inclusion (LFI) flaw. Exploiting the LFI, we extracted the source code of the web application, revealing a hidden “expertmode” feature designed to check open ports using netcat. ...

This post is a walkthrough of the Hack The Box room Nibbles Intro Nibbles is a fairly simple machine, however with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. Luckily, a username can be enumerated and guessing the correct password does not take long for most. Enumeration NMAP Scan sudo nmap -sVC -T4 -p- -vv -oA nmap/alltcp-ports 10.129.202.224 --open Discovered Ports Discovered open port 80/tcp on 10.129.202.224 Discovered open port 22/tcp on 10.129.202.224 Below we can see the web server is running on a Ubuntu 2.2 Server and using Apache 2.4.18 as the backend for the webserver. ...