8 posts tagged with "Clear Text Credentials"

Summary:​

We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.

Machine Name: Base | Difficulty: Easy | OS: Linux

Summary:​

We test connectivity and scan the target, then enumerate its TFTP service and web page. We find an unauthenticated upload function on TFTP and a Local File Inclusion (LFI) vulnerability on the web page. We use these to upload a PHP reverse shell and gain low-level access via LFI.

With this foothold, we upgrade our access to user level using the acquired clear-text credentials. We then grab the user flag, enumerate further, and exploit privilege escalation opportunities to reach root level access with the help of the lxdprivesc script. Finally, we obtain the root flag.

Machine Name: Included | Difficulty: Easy | OS: Linux

Summary:​

We test connectivity and scan the target, then enumerate its web app and identify vulnerabilities. We find a Log4Shell vulnerability and exploit it using Metasploit to get a reverse shell connection with low-level access. From there, we grab the user flag and use our access to modify the admin credentials in the MongoDB database. We then log in as admin and change the recorded SSH credentials to ones under our control, granting us root privileges. Finally, we obtain the root flag.

Machine Name: Unified | Difficulty: Easy | OS: Linux

Summary:​

We test connectivity and scan the target, then use anonymous FTP access to download and crack a zip archive using John the Ripper. Analyzing the source code and exploiting a hardcoded hash gives us web app access via compromised credentials.

We identify an SQL injection vulnerability, gain control, and upgrade to a reverse shell with low-privileged access. As we enumerate the machine, we find privilege escalation opportunities and exploit SUDO vulnerabilities to gain root access, ultimately obtaining both user and root flags.

Machine Name: Vaccine | Difficulty: Easy | OS: Linux

Summary:​

This article guides users through completing the Oopsie machine challenge on Hack The Box. The steps outline a hacking scenario, from initial connection testing and scanning to exploiting vulnerabilities in a web application, including IDOR, cookie manipulation, and SUID exploitation, ultimately leading to gaining admin access and finally grabbing the root flag.

Machine Name: Oopsie | Difficulty: Easy | OS: Linux

Summary:​

This article guides users through completing the Archetype machine challenge on Hack The Box. We exploit vulnerabilities on a Microsoft SQL Server by enumerating SMB shares, finding clear text credentials, and using Impacket to authenticate and gain an authorized connection. We then escalate privileges and download Netcat to establish a reverse shell, grab the user flag, and eventually use Impacket's psexec tool to gain admin access and retrieve the root flag before terminating the connection.

Machine Name: Archetype | Difficulty: Easy | OS: Windows

Summary:​

This walkthrough guides users through solving the Funnel machine challenges on Hack The Box, covering tasks such as network scanning, file analysis, and database interactions to ultimately acquire flags.

Machine Name: Funnel | Difficulty: Easy | OS: Linux

Summary:​

This walkthrough provides help solving the Crocodile machine on Hack The Box. The guide covers various topics, including Nmap scanning, service version identification, FTP login procedures, and directory brute force using Gobuster.

Machine Name: Crocodile | Difficulty: Easy | OS: Linux