7 posts tagged with "Databases"

A database is a collection of organized data that can be easily stored, modified, and retrieved as needed. It allows users to store, query, and manipulate large amounts of structured or semi-structured data using a defined schema, enabling efficient management and use of information.

HTB | Unified | Write-Up

· 20 min read

Summary:

We test connectivity and scan the target, then enumerate its web app and identify vulnerabilities. We find a Log4Shell vulnerability and exploit it using Metasploit to get a reverse shell with low-privileged access. From there, we grab the user flag and use our access to modify the admin credentials in the MongoDB database. We then log in as admin and change the recorded SSH credentials to ones under our control, granting us root privileges. Finally, we obtain the root flag.

Machine Name: Unified | Difficulty: Easy | OS: Linux

HTB | Vaccine | Write-Up

· 23 min read

Summary:

We test connectivity and scan the target, then use anonymous FTP access to download and crack a zip archive using John the Ripper. Analyzing the source code and exploiting a hardcoded hash gives us web app access via compromised credentials.

We identify an SQL injection vulnerability, gain control, and upgrade to a reverse shell with low-privileged access. As we enumerate the machine, we find privilege escalation opportunities and exploit SUDO vulnerabilities to gain root access, ultimately obtaining both user and root flags.

Machine Name: Vaccine | Difficulty: Easy | OS: Linux

HTB | Sequel | Write-Up

· 7 min read

Summary:

This walkthrough assists with solving the Sequel machine challenge on Hack The Box, focusing on tasks related to MySQL. Key takeaways include understanding various SQL concepts, utilizing tools like Nmap, and exploiting vulnerabilities to gain access to sensitive information, including a "root flag" in the "htb" database.

Machine Name: Sequel | Difficulty: Easy | OS: Linux

HTB | Appointment | Write-Up

· 7 min read

Summary:

This walkthrough provides assistance with solving the Appointment machine challenge on Hack The Box, focusing on tasks related to SQL, MySQL, and MariaDB, while highlighting potential security vulnerabilities such as SQL injection. Key takeaways include understanding various SQL concepts, utilizing tools like Nmap and Gobuster, and exploiting vulnerabilities to gain access to sensitive information.

Machine Name: Appointment | Difficulty: Easy | OS: Linux

HTB | Mongod | Write-Up

· 7 min read

Summary:

This walkthrough guides beginners through completing the Mongod machine challenge on Hack The Box, covering essential steps and commands to solve Tier 0 challenges, including interacting with MongoDB and managing databases. It provides step-by-step instructions on how to connect to the target machine, use Nmap and other tools, and submit the root flag.

Machine Name: Mongod | Difficulty: Easy | OS: Linux

HTB | Redeemer | Write-Up

· 12 min read

Summary:

This article guides users through completing the Redeemer machine challenge on Hack The Box. The tasks cover connecting to the target machine via Pwnbox, identifying open TCP ports, determining service versions, understanding Redis database types, using command-line utilities for interaction, and obtaining flags.

Machine Name: Redeemer | Difficulty: Easy | OS: Linux