shizz3r IT tech blog

  Enumeration At the beginning of the penetration test, we usually have only the list of target IP addresses and nothing more. In order to exploit any machine, any information about the target is crucial. Thus, I'm going to enumerate running services with the help of nmap. This very important step will give me a direction to follow along the process. The ssh service is running on the default port 22  and a web application is hosted on port 80 . Furthermore, it appears that the machine is running Linux OS, a Ubuntu incarnation specifically. The obvious next step is to look at the application with the help of the HTTP protocol. It's the site of MegaCorp Automotive and they are dealing with electric cars.  If you scroll down a little bit you will see that the application provides a login service. This resource it's not accessible from the main page, thus we can try to find it with dirb for instance. These are all directories found by dirb with the default wordlist. There is no

 Introduction After taking some free courses I bought a subscription to the ethical hacking learning platform. I chose Hack the Box to practice hacking skills and I hope that I will not regret it. The number of available options could be overwhelming but luckily Hack the Box crew thought about creating the Starting Point lab. It consists of nine machines with a  Very Easy breaking level and those boxes are dependent on each other. It means that the post-exploitation phase is important in this particular lab since we can find some useful information. Findings can be leveraged to break into the next machine in the chain. I have to admit that I'm not a security specialist but I'm a student who wants to be a red teamer. Thus, I describe my way of thinking from the start to the end of a penetration test in my writeups rather than the ideal solution. With this in mind, I invite you to follow my writeup of the Archetype machine. Enumeration To be able to test the machine for some vuln