12 posts tagged with "Windows-Target"

Summary:​

We spawn a target machine, then perform reconnaissance to gather initial information about its services and vulnerabilities. We identify an SMB vulnerability, which we investigate further by searching for applicable exploits (specifically CVE-2017-0144).

Using this knowledge, we configure an exploit with Metasploit to take advantage of the discovered vulnerability. Next, we verify the vulnerability's presence using Metasploit's capabilities. With the exploit confirmed, we run it against the target machine, leveraging its SMB vulnerability to gain access. We then proceed to grab both the user flag and root flag, ultimately achieving System Own status once these tasks are accomplished.

Machine Name: Blue | Difficulty: Easy | OS: Windows

Summary:​

We navigate the Hack The Box website starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information and identify an FTP server running on it. We use anonymous authentication to access the FTP share, then enumerate the files available on this share.

Continuing our investigation, we access the NETMON configuration files and extract user credentials from them. Modifying these credentials to suit our needs, we proceed to access the PRTG Network Monitor web interface. Utilizing Metasploit's capabilities, we exploit CVE-2018-9276 to gain shell access with the "LocalSystem" account, thereby achieving system level access. With this access in hand, we grab both the user flag and root flag, ultimately declaring System Own status once these tasks are accomplished.

Machine Name: Netmon | Difficulty: Easy | OS: Windows

Summary:​

We navigate the Hack The Box website, starting by spawning a target machine. Next, we perform reconnaissance on the target to gather initial information. We identify a running webserver and proceed with directory enumeration using gobuster to uncover hidden directories. After discovering a server status login page with default credentials, we log in to gain access to the Manager App website.

Analyzing this app further, we collect the necessary credentials to log in and then identify a file upload vulnerability on the website. We create a malicious payload using msfvenom, which we use to upload and execute a reverse shell on the target machine. With a stable shell established at system level access, we proceed to grab both the user flag and root flag, ultimately achieving System Own status.

Machine Name: Jerry | Difficulty: Easy | OS: Windows

Summary:​

We test connectivity to the target and scan it, then enumerate its website and login with some default credentials. Once we have user access, we continue enumerating the site. Analyzing the page source code reveals the used XML version and a potential username.

We exploit the found XXE vulnerability to leak the user's private SSH key, allowing us to access the target machine via SSH and gain user-level access. Next, we grab the user flag. With our foothold established, we enumerate the machine with user-level access until we find a job.bat file that runs with administrator privileges. We exploit this by modifying the scheduled job to run our reverse shell, wait for it to execute, and catch the connection to gain administrative access to the target machine. Finally, we grab the root flag.

Machine Name: Markup | Difficulty: Easy | OS: Windows

Summary:​

This article guides users through completing the Archetype machine challenge on Hack The Box. We exploit vulnerabilities on a Microsoft SQL Server by enumerating SMB shares, finding clear text credentials, and using Impacket to authenticate and gain an authorized connection. We then escalate privileges and download Netcat to establish a reverse shell, grab the user flag, and eventually use Impacket's psexec tool to gain admin access and retrieve the root flag before terminating the connection.

Machine Name: Archetype | Difficulty: Easy | OS: Windows

Summary:​

This walkthrough provides step-by-step guidance on how to solve the Tactics machine challenge on Hack The Box, focusing on completing Tier 1 Starting Point challenges. The guide covers various tasks and techniques using Nmap, SMB protocols, and Impacket tools to ultimately obtain the root flag and "pwn" the target machine.

Machine Name: Tactics | Difficulty: Easy | OS: Windows

Summary:​

This walkthrough outlines the attack vector used to system access on the Responder machine on Hack The Box, where an attacker would exploit the NetBIOS vulnerability to capture NTLMv2 hashes, which are then cracked using John the Ripper to obtain valid credentials. These credentials can be leveraged to ultimately gain access to root flag on the target machine.

Machine Name: Responder | Difficulty: Easy | OS: Windows

Summary:​

This article guides users through completing the Explosion machine challenge on Hack The Box. The guide covers tasks such as connecting to the target machine via pwnbox, identifying open TCP ports, understanding remote access protocols and tools, and obtaining flags through a series of questions and exercises.

Machine Name: Explosion | Difficulty: Easy | OS: Windows

Summary:​

This article guides users through completing the Dancing machine challenge on Hack The Box. It covers tasks related to SMB, such as listing shares, accessing shares with a blank password, and downloading files using the SMB shell. The final step is to find and submit the root flag.

Machine Name: Dancing | Difficulty: Easy | OS: Windows

Windows Fundamentals | Windows Fundamentals 3 | Summary:​

This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Windows Fundamentals 3 room.

Windows Fundamentals | Windows Fundamentals 2 | Summary:​

This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Windows Fundamentals 2 room.

Windows Fundamentals | Windows Fundamentals 1 | Summary:​

This series of walkthroughs aims to help out complete beginners with finishing the Pre Security Path on the TryHackMe website. It is based on the learning content provided in the Windows Fundamentals 1 room.