Write-up available upon box expiry.
Enumerating the open SMB share shows one interesting .PDF file (the directories client1, client2 and client3 were empty). The exploit utilises a remote code execution vulnerability in Electron updater. The article is very interesting and can be found here: https://blog.doyensec.com/2020/02/24/electron-updater-update-signature-bypass.html Generate reverse shell payload using Metasploit: Generate a file hash for the reverse shell payload: Upload …
Enumeration: I started off with an Nmap scan on the target. We can observe that the host is Windows Server with Active Directory services running. With this in mind, I ran enum4linux to see if there was any other information I could extract from the host. Exploitation (User): After obtaining the user accounts, I attempted …
Enumeration: I started off with a quick Nmap scan on the target. We can see that there is an Apache service running on port 80. Port 3000 was slightly more interesting. I began my enumeration by performing a quick directory enumeration on the service running at port 80. Gobuster was able to discover “support” which …
Enumeration: I started off with an Nmap scan on the target machine. I noticed that FTP (port 21) was open, so I navigated to my browser to see if it allowed me to get unauthenticated access. The unauthenticated access allowed me to see the contents of the machine. The level of access on this service …
Enumeration: I started off with a simple Nmap scan on the target. A quick glance at the open ports shows nothing too unusual, except maybe the SSH port open on 2222. I navigated to the HTTP service and all it contained was a simple image. I also decided to run a Nikto scan to …
Enumeration: I started off the box with an Nmap scan on the target machine. As you can see from the Nmap scan results, we didn’t see anything in the first 1000 ports. On HackTheBox this usually means that there are services running on uncommon ports (I’ve seen SSH at port 65535 before) so I decided …
I began the box by first opening the IP address in a web browser to see if anything was there. I noticed it was a blog-style website and there was a single post with the title: phpbash. I checked out the GitHub page and noticed that there were two files of interest in the main …