TJNull's List

schooled

Jul 5, 2021 TJNull's List

Introduction: Recon NMAP scan 1root@kinetic:.../hackthebox/schooled/data# nmap -sC -sV -T4 -Pn -oN nmap.schooled.txt 10.10.10.234 2Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. 3Starting Nmap 7.91 ( https://nmap.org ) at 2021-07-05 12:37 EDT 4Nmap scan report …

bastion

Apr 15, 2021 TJNull's List

Introduction: Recon 1eneloop@kinetic:.../hackthebox/bastion/data$ sudo nmap -sS -sC -sV -T4 -O -oN nmap.bastion.txt 10.10.10.134 2[sudo] password for eneloop: 3Starting Nmap 7.91 ( https://nmap.org ) at 2021-04-15 20:57 EDT 4Nmap scan report for 10.10.10.134 5Host is up (0.086s latency). 6Not shown: 996 closed ports …

jarvis

Mar 28, 2021 TJNull's List

Introduction: Recon Nmap scan 1eneloop@kinetic:.../hackthebox/jarvis/data$ sudo nmap -sS -sV -T4 -O -oN nmap.jarvis.txt 10.10.10.143 2[sudo] password for eneloop: 3Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-28 22:54 EDT 4Nmap scan report for 10.10.10.143 5Host is up (0.084s latency). 6Not shown: 998 closed …

ready

Mar 18, 2021 TJNull's List

Introduction: Recon 1Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-18 20:57 EDT 2Nmap scan report for 10.10.10.220 3Host is up (0.15s latency). 4Not shown: 998 closed ports 5PORT STATE SERVICE VERSION 622/tcp open ssh OpenSSH 8.2p1 Ubuntu 4 (Ubuntu Linux; protocol 2.0) 7| ssh-hostkey: 8| 3072 …

swagshop

Mar 13, 2021 TJNull's List

Introduction: The swagshop machine presents a vulnerable Magento installation for which you may not look beyond basic enumeration and look up exploits once you have figured out the version. Recon NMAP Scan 1eneloop@kinetic:.../hackthebox/swagshop/data$ sudo nmap -sS -sC -sV -T4 -O -oN nmap.swagshop.txt 10.10.10.140 …

Friendzone

Feb 28, 2021 TJNull's List zone transfer python library hijack

Introduction: Friendzone need a good amount of enumeration for the ports and services as there are many services running and many application endpoints that seem interesting at first and can lead to rabbit holes. The privesc involves library hijacking for a python library that is left unprotected with incorrect …

irked

Feb 27, 2021 TJNull's List

Introduction: Recon 1eneloop@kinetic:.../hackthebox/irked/data$ sudo nmap -sS -sC -sV -T4 -O -oN nmap.irked.txt 10.10.10.117 2[sudo] password for eneloop: 3Sorry, try again. 4[sudo] password for eneloop: 5Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-27 15:56 EST 6Nmap scan report for 10.10.10.117 7Host is up …

frolic

Feb 22, 2021 TJNull's List

Introduction: Recon 1eneloop@kinetic:.../hackthebox/frolic/data$ sudo nmap -sS -sV -sC -T4 -O -oN nmap.frolic.htb 10.10.10.111 2[sudo] password for eneloop: 3Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-22 20:48 EST 4Nmap scan report for 10.10.10.111 5Host is up (0.015s latency). 6Not shown: 996 closed ports …

bounty

Feb 17, 2021 TJNull's List

Introduction: Recon eneloop@kinetic:…/hackthebox/bounty/data$ sudo nmap -sS -sV -T4 -O -oN nmap.bounty.txt 10.10.10.93 [sudo] password for eneloop: Starting Nmap 7.91 ( https://nmap.org ) at 2021-02-17 19:46 EST Nmap scan report for 10.10.10.93 Host is up (0.014s latency). Not shown: 999 filtered ports PORT …

Haircut

Jan 7, 2021 TJNull's List webapp curl screen

Introduction: Haircut is a very simple but great machine with a vulnerable app running that allows you to exploit curl to download a shell on the webserver and get the initial foothold. Recon NMAP scan 1nmap -sS -sV -sC -T4 -Pn -O -oN nmap.haircut.txt 10.10.10.24 2Host discovery disabled (-Pn). All addresses will be …