Posts

HackTheBox.eu - Retired - Blue

Recon

I again started with a little up/down scan on TCP ports using nmap:

    nmap -T4 -p- 10.10.10.40 -oX /root/Desktop/HTB/Blue/nmapb.xml

Then I converted that to HTML:

    # xsltproc /root/Desktop/HTB/Blue/nmapb.xml -o /root/Desktop/HTB/Blue/nmapb.html

A goodly amount of open ports to feed into our next scan, which will utilise the -A switch in nmap to fingerprint the OS and services:

    # nmap -T4 -A -p135,139,445,49152,49153,49154,49155,49156,49157 10.10.10.40 -oX /root/Desktop/HTB/Blue/nmapf.xml

The results show lots of ports for RPC, one NetBIOS port and SMB on port 445. No FTP, web or SSH to try and exploit. But we do have SMB open, which has a bunch of vulns… so let's get to googling.

Exploit

The first result for "Win7 SMB exploit" is probably one you've heard of before: EternalBlue. https://www.exploit-db.com/exploits/42315

If not, you might want to read up on it here: https://en.wikipedia.org/wiki/EternalBlue

Basically this an

Kali installs

So this is just a reminder for me when building out new Kali VMs.

Add non-free:

    $ leafpad /etc/apt/sources.list

add

    deb http://http.kali.org/kali kali-rolling main non-free contrib
    deb-src http://http.kali.org/kali kali-rolling main non-free contrib

after that:

    sudo apt-get update && sudo apt-get upgrade

Install VirtualBox guest additions (allows for a full screen VM on OSX VirtualBox).

NUMLOCK after login:

    sudo apt-get install numlockx

Then change the GDM settings, adding the following code to /etc/gdm3/Init/Default:

    if [ -x /usr/bin/numlockx ]; then
        /usr/bin/numlockx on
    fi

    sudo apt-get install virtualbox-guest-additions-iso
    apt-get -y install virtualbox-guest-x11

For the Hack The Box VPN:

    apt-get install network-manager-openvpn-gnome

Download Nessus, then:

    dpkg -i *nessusinstaller*

For Firefox: Cookie Editor, FoxyProxy. Cookie Editor and YARC for Chromium.

Ringzer0 - Java Script - Then obfuscation is more secure

Objective: Get that Flag

Solution: Ok, so this is another JavaScript challenge, so the first thing I did was look in the source code for some JavaScript. Found it!

    var _0xc360=["\x76\x61\x6C","\x23\x63\x70\x61\x73\x73","\x61\x6C\x6B\x33","\x30\x32\x6C\x31","\x3F\x70\x3D","\x69\x6E\x64\x65\x78\x4F\x66","\x68\x72\x65\x66","\x6C\x6F\x63\x61\x74\x69\x6F\x6E","\x3C\x64\x69\x76\x20\x63\x6C\x61\x73\x73\x3D\x27\x65\x72\x72\x6F\x72\x27\x3E\x57\x72\x6F\x6E\x67\x20\x70\x61\x73\x73\x77\x6F\x72\x64\x20\x73\x6F\x72\x72\x79\x2E\x3C\x2F\x64\x69\x76\x3E","\x68\x74\x6D\x6C","\x23\x63\x72\x65\x73\x70\x6F\x6E\x73\x65","\x63\x6C\x69\x63\x6B","\x2E\x63\x5F\x73\x75\x62\x6D\x69\x74"];
    $(_0xc360[12])[_0xc360[11]](function (){var _0xf382x1=$(_0xc360[1])[_0xc360[0]]();var _0xf382x2=_0xc360[2];if(_0xf382x1==_

Ringzer0 - Java Script - Hashing is more secure

Objective: Get that Flag

Solution: So this is another JavaScript challenge, so I started with the source code again and found this code:

    <script>
    // Look's like weak JavaScript auth script :)
    $(".c_submit").click(function(event) {
        event.preventDefault();
        var p = $("#cpass").val();
        if(Sha1.hash(p) == "b89356ff6151527e89c4f3e3d30c8e6586c63962") {
            if(document.location.href.indexOf("?p=") == -1) {
                document.location = document.location.href + "?p=" + p;
            }
        } else {
            $("#cresponse").html("<div class='alert alert-danger'>Wrong password sorry.</div>");
        }
    });
    </script>

So this time they are checking the password supplied against a hashed value of the password:

    if(Sha1.hash(p) == "b89356ff6151527e89c4f3e3d30c8e6586c63962")

so it's taking a SHA-1 of what is supplied and checking it