A Linux target refers to a virtual or simulated environment set up to mimic a real-world Linux system, used in training exercises, penetration testing, or CTF-style challenges, where participants can practice and hone their skills by exploiting vulnerabilities, gaining access, and executing tasks within the contained Linux operating system.
View All Tags
We start by identifying vulnerabilities through reconnaissance and exploiting a Samba vulnerability (CVE-2007-2447) using Metasploit. We then escalate privileges to achieve root access, retrieving both user and root flags in the process, demonstrating complete control over the system.
Machine Name: Lame | Difficulty: Easy | OS: Linux
We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.
Machine Name: Base | Difficulty: Easy | OS: Linux
We test connectivity and scan the target, then enumerate its TFTP service and web page. We find an unauthenticated upload function on TFTP and a Local File Inclusion (LFI) vulnerability on the web page. We use these to upload a PHP reverse shell and gain low-level access via LFI.
With this foothold, we upgrade our access to user level using the acquired clear-text credentials. We then grab the user flag, enumerate further, and exploit privilege escalation opportunities to reach root level access with the help of the lxdprivesc script. Finally, we obtain the root flag.
Machine Name: Included | Difficulty: Easy | OS: Linux
We test connectivity and scan the target, then enumerate its web app and identify vulnerabilities. We find a Log4Shell vulnerability and exploit it using Metasploit to get a reverse shell connection with low-level access. From there, we grab the user flag and use our access to modify the admin credentials in the MongoDB database. We then log in as admin and change the recorded SSH credentials to ones under our control, granting us root privileges. Finally, we obtain the root flag.
Machine Name: Unified | Difficulty: Easy | OS: Linux
We test connectivity and scan the target, then use anonymous FTP access to download and crack a zip archive using John the Ripper. Analyzing the source code and exploiting a hardcoded hash gives us web app access via compromised credentials.
We identify an SQL injection vulnerability, gain control, and upgrade to a reverse shell with low-privileged access. As we enumerate the machine, we find privilege escalation opportunities and exploit SUDO vulnerabilities to gain root access, ultimately obtaining both user and root flags.
Machine Name: Vaccine | Difficulty: Easy | OS: Linux
This article guides users through completing the Oopsie machine challenge on Hack The Box. The steps outline a hacking scenario, from initial connection testing and scanning to exploiting vulnerabilities in a web application, including IDOR, cookie manipulation, and SUID exploitation, ultimately leading to gaining admin access and finally grabbing the root flag.
Machine Name: Oopsie | Difficulty: Easy | OS: Linux
This article guides users through completing the Pennyworth machine challenge on Hack The Box. Here we conduct reconnaissance on a Jenkins server, discovering a login page and default credentials, as well as a vulnerable Script Console that can execute Groovy scripts. We exploit this vulnerability to gain access to the system and retrieve a flag located at "/root/flag.txt".
Machine Name: Pennyworth | Difficulty: Easy | OS: Linux
This walkthrough guides users through solving the Funnel machine challenges on Hack The Box, covering tasks such as network scanning, file analysis, and database interactions to ultimately acquire flags.
Machine Name: Funnel | Difficulty: Easy | OS: Linux
This walkthrough guides through solving a series of challenges on the Hack The Box website, specifically the Bike machine, to exploit a server-side template injection vulnerability in Node.js and gain root privileges.
Machine Name: Bike | Difficulty: Easy | OS: Linux
This article guides users through completing the Ignition machine challenge on Hack The Box. It covers tasks such as service version identification, HTTP status code retrieval, web fingerprinting, and brute force directory discovery, ultimately leading to gaining access to the Magento admin page and submitting the root flag.
Machine Name: Ignition | Difficulty: Easy | OS: Linux
This article guides users through completing the Three machine challenge on Hack The Box. This is a web hacking challenge that involves exploiting vulnerabilities in an S3 bucket and executing a reverse shell on the target machine. The goal is to retrieve the "flag" file from the target machine.
Machine Name: Three | Difficulty: Easy | OS: Linux
This walkthrough provides help solving the Crocodile machine on Hack The Box. The guide covers various topics, including Nmap scanning, service version identification, FTP login procedures, and directory brute force using Gobuster.
Machine Name: Crocodile | Difficulty: Easy | OS: Linux
This walkthrough assists with solving the Sequel machine challenge on Hack The Box, focusing on tasks related to MySQL. Key takeaways include understanding various SQL concepts, utilizing tools like Nmap, and exploiting vulnerabilities to gain access to sensitive information, including a "root flag" in the "htb" database.
Machine Name: Sequel | Difficulty: Easy | OS: Linux
This walkthrough provides assistance with solving the Appointment machine challenge on Hack The Box, focusing on tasks related to SQL, MySQL, and MariaDB, while highlighting potential security vulnerabilities such as SQL injection. Key takeaways include understanding various SQL concepts, utilizing tools like Nmap and Gobuster, and exploiting vulnerabilities to gain access to sensitive information.
Machine Name: Appointment | Difficulty: Easy | OS: Linux
This walkthrough provides help with solving the Synced machine challenge on Hack The Box, focusing on tasks related to rsync and its usage on the target machine. Key takeaways include understanding the default port for rsync (873), using anonymous authentication, and listing shares and files with the correct options.
Machine Name: Synced | Difficulty: Easy | OS: Linux
This walkthrough guides beginners through completing the Mongod machine challenge on Hack The Box, covering essential steps and commands to solve Tier 0 challenges, including interacting with MongoDB and managing databases. It provides step-by-step instructions on how to connect to the target machine, use nmap and other tools, and submit the root flag.
Machine Name: Mongod | Difficulty: Easy | OS: Linux
This walkthrough provides step-by-step guidance on completing the Preignition machine challenge on Hack The Box, a series of tutorials designed to help beginners complete Tier 0 challenges. The guide covers directory brute-forcing techniques, using nmap and gobuster tools, and submitting the root flag.
Machine Name: Preignition | Difficulty: Easy | OS: Linux
This article guides users through completing the Redeemer machine challenge on Hack The Box. Through a series of tasks, users are guided in connecting to the target machine via pwnbox, identifying open TCP ports, determining service versions, understanding Redis database types, using command-line utilities for interaction, and obtaining flags.
Machine Name: Redeemer | Difficulty: Easy | OS: Linux
This article guides users through completing the Fawn machine challenge on Hack The Box. It covers identifying & using an anonymous FTP service to access and download the "root flag".
Machine Name: Fawn | Difficulty: Easy | OS: Linux
This article guides users through completing the Meow machine challenge on Hack The Box. It covers identifying & exploiting telnet credentials, gaining root access, and submitting the root flag by reading "flag.txt".
Machine Name: Meow | Difficulty: Easy | OS: Linux
A write-up providing help with the Bandit wargame on the OverTheWire website, consisting of a series of 32 levels, followed by an additional challenge using an 'uppercase shell' trick at Level 33, that covers various Linux and shell scripting topics. The challenges range from basic navigation to more advanced topics like SSH authentication, file permissions, and Git usage.
Wargame Name: Bandit | Difficulty: Easy | OS: Linux
This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Linux Fundamentals Part 3 room.
This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Linux Fundamentals Part 2 room.
This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Linux Fundamentals Part 1 room.