A vulnerability assessment is an ongoing process that identifies potential security weaknesses in a system or network. It helps organizations understand the risks associated with these vulnerabilities and prioritize remediation efforts to minimize threats from malicious actors.
View All Tags
The aim of this room is to provide an introduction to the basics of red team engagements , their components, and the stakeholders involved.
Lastly, it tries to explain the main distinctions between red teaming, vulnerability assessments, and penetration testing.
We spawn a target machine, then perform reconnaissance to gather initial information about its services and vulnerabilities. We identify an SMB vulnerability, which we investigate further by searching for applicable exploits (specifically CVE-2017-0144).
Using this knowledge, we configure an exploit with Metasploit to take advantage of the discovered vulnerability. Next, we verify the vulnerability's presence using Metasploit's capabilities. With the exploit confirmed, we run it against the target machine, leveraging its SMB vulnerability to gain access. We then proceed to grab both the user flag and root flag, ultimately achieving System Own status once these tasks are accomplished.
Machine Name: Blue | Difficulty: Easy | OS: Windows
We navigate the Hack The Box website starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information and identify an FTP server running on it. We use anonymous authentication to access the FTP share, then enumerate the files available on this share.
Continuing our investigation, we access the NETMON configuration files and extract user credentials from them. Modifying these credentials to suit our needs, we proceed to access the PRTG Network Monitor web interface. Utilizing Metasploit's capabilities, we exploit CVE-2018-9276 to gain shell access with the "LocalSystem" account, thereby achieving system level access. With this access in hand, we grab both the user flag and root flag, ultimately declaring System Own status once these tasks are accomplished.
Machine Name: Netmon | Difficulty: Easy | OS: Windows
We navigate the Hack The Box website, starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information. We identify a running webserver and proceed with directory enumeration using gobuster to uncover hidden directories. After discovering a server status login page with default credentials, we log in to gain access to the Manager App website.
Analyzing this app further, we collect the necessary credentials to log in and then identify a file upload vulnerability on the website. We create a malicious payload using msfvenom, which we use to upload and execute a reverse shell on the target machine. With a stable shell established at system level access, we proceed to grab both the user flag and root flag, ultimately achieving System Own status.
Machine Name: Jerry | Difficulty: Easy | OS: Windows
We start by identifying vulnerabilities through reconnaissance and exploiting a Samba vulnerability (CVE-2007-2447) using Metasploit. We then escalate privileges to achieve root access, retrieving both user and root flags in the process, demonstrating complete control over the system.
Machine Name: Lame | Difficulty: Easy | OS: Linux
We test connectivity, scan, and enumerate the target website. We discover a PHP type juggling vulnerability and exploit it to gain access to the admin file uploads directory. Using this access, we upload a web shell via the upload functionality. Enumerating the system with our new tool, we find clear text credentials that grant us user-level SSH access. We then escalate to root by exploiting sudo using find. Finally, we grab the root flag.
Machine Name: Base | Difficulty: Easy | OS: Linux
We test connectivity and scan the target, then enumerate its web app and identify vulnerabilities. We find a Log4Shell vulnerability and exploit it using Metasploit to get a reverse shell connection with low-level access. From there, we grab the user flag and use our access to modify the admin credentials in the MongoDB database. We then log in as admin and change the recorded SSH credentials to ones under our control, granting us root privileges. Finally, we obtain the root flag.
Machine Name: Unified | Difficulty: Easy | OS: Linux
We test connectivity and scan the target, then use anonymous FTP access to download and crack a zip archive using John the Ripper. Analyzing the source code and exploiting a hardcoded hash gives us web app access via compromised credentials.
We identify an SQL injection vulnerability, gain control, and upgrade to a reverse shell with low-privileged access. As we enumerate the machine, we find privilege escalation opportunities and exploit SUDO vulnerabilities to gain root access, ultimately obtaining both user and root flags.
Machine Name: Vaccine | Difficulty: Easy | OS: Linux
This walkthrough assists with solving the Sequel machine challenge on Hack The Box, focusing on tasks related to MySQL. Key takeaways include understanding various SQL concepts, utilizing tools like Nmap, and exploiting vulnerabilities to gain access to sensitive information, including a "root flag" in the "htb" database.
Machine Name: Sequel | Difficulty: Easy | OS: Linux
This article guides users through completing the Redeemer machine challenge on Hack The Box. Through a series of tasks, users are guided in connecting to the target machine via pwnbox, identifying open TCP ports, determining service versions, understanding Redis database types, using command-line utilities for interaction, and obtaining flags.
Machine Name: Redeemer | Difficulty: Easy | OS: Linux