Posts

Hack The Box: Machines - Explore (Easy)

-
Image
  Introduction Today I will be dealing with the Explore machine from Hack The Box. As you can read from the post topic it's an easy machine running on Android. This is my first attempt at breaking into the Android machine, therefore I've decided to share my path to the final solution. The only thing that I know about this operating system is that it's open-source, based on Linux, and apps are commonly written in Java. Without further talking let's jump into the catacombs. Enumeration First things first - in order to attack an infrastructure you have to get as much information about the target as possible. The better you know your target the greater chance you have. So as usual I'm going to launch the nmap with default scripts and services enumeration. The command:   nmap -sC -sV -p- -Pn -T4 -v 10.129.221.17 -oN nmap/explore.nmap The result: So the device that we want to pwn is a phone. The machine is running Banana Studio SSH server on port 2222, ES File Explorer on
Post a Comment
Read more

Hack The Box: Machines - dynstr (Medium)

-
Image
  Hello folks! Introduction Today I'm going to show you how the dynstr  machine can be solved. Looking at the picture of the released machine we can see that we will be dealing with the Linux instance. Obviously, the only thing we know about this device is its IP address and operating system. Therefore, we need to scan it for gathering more information. Enumeration As always I will start the enumeration part using nmap.  I want to launch the scan with common scripts and service enumeration as well as all information written to the stdout. Here is the command: And this is the result: As you can see port 80 is open among others. Therefore the target machine is HTTP server. More precisely the device is running the Apache 2.4.41 web server on Linux system, probably we are dealing with Ubuntu. The web application hosted by the target is a great path to own the machine. Let's look under the hood. The web application is the presentation of a DNS service. The only interesting thing tha
Post a Comment
Read more