Posts

Showing posts from October, 2022

Legacy: Hack The Box (Windows)

The nmap scan for this target shows the open ports, and an aggressive scan reveals that the target is vulnerable to MS17-010 and MS08-067. (Screenshot: nmap scans) A GitHub exploit is available for MS08-067. In this exploit we only need to change the payload, so we first generate the payload using msfvenom. (Screenshot: payload generation) We then copy and paste the payload into the PoC. (Screenshot: updating the PoC) Now we open a netcat listener on our machine and run the exploit. (Screenshot: netcat connection) We get a connection on our machine, and we can easily get the user flag and root flag. (Screenshot: flags) Happy Hacking!!!!

Hack The Box: Delivery (Linux)

As usual, let's start with an nmap scan to get some idea of which ports are open. (Screenshot: nmap scan) We can start with port 80, which serves a simple web page with links to the helpdesk, contact us and HTML5 UP pages. (Screenshot: home page) The contact us page tells us that if we have an email address we can access the Mattermost server. (Screenshot: contact us) We can access the HelpDesk page, where we can open a new ticket. (Screenshot: helpdesk page) We need to fill in some details to open a new ticket. (Screenshot: open a ticket) When we open a ticket we get a ticket ID and an email. (Screenshot: generated a ticket) Now we can use this email to create an account on the Mattermost server. (Screenshots: creating an account, verify email) We are supposed to verify the email to create this account, and for this we can go to the helpdesk and check the status of the ticket. (Screenshots: check ticket status, link to verify mail) We can just copy and paste this to verify the mail. (Screenshot: verification done) Now we can log in, and we will see access to the internal team. (Screenshots: internal team, ssh credentials) A...

Hack The Box: Love (Windows)

Let's start our journey with an nmap scan. (Screenshot: nmap scan) This is a Windows machine; let's work on it starting with the web pages present on ports 80, 443 and 5000. (Screenshot: index.php) Port 80 is a login portal that requires a Voter's ID and password. (Screenshot: port 443) Port 443 seems to be leaking information; other than that it is not accessible. (Screenshot: staging.love.htb) We have a subdomain, staging.love.htb, which scans for files; if we scan http://127.0.0.1:5000/ we get the credentials for the admin user. Now we can search for directories on love.htb. (Screenshot: directory busting) We found the admin page here, which might be helpful, and we have the credentials as well. We have a few options here: we can simply update the profile, and it would go to the /images directory. The other way of doing this is by adding voters. (Screenshots: adding user with malicious file, file upload successful) Now that we have uploaded the file we can see the result by running the command on the webpage and we ...