Enumeration: Start with an nmap scan. Check that SSH and a web server are running. It failed to redirect to http://searcher.htb, so add it to the /etc/hosts file. When I ran nmap again after adding it to the /etc/hosts file, I got a different result. Here, I can see it is using Werkzeug version 2.1.2. My first thought was to … Read More “OSCP series – Busqueda write-up” »
Category: HackTheBox
Download and unzip the attached file. The pcap file will be extracted from the zip file. Open Wireshark and go through the packets. I filtered packets with the HTTP protocol. Then I found suspicious command injections. It seems it’s executing a bash shell on 192.168.1.180. So, I filtered packets with the IP address 192.168.1.180. Then I checked … Read More “Hack the box: Wrong Spooky Season write up” »
Download the zip file and unzip it. You will get the email with encoded contents. The first encoded block is like below. It says it is base64 encoded. Let’s decode it with CyberChef. Then you will get the message from the leader of the resistance. Now let’s check the second encoded block. When you decode it, the … Read More “Hack the box – Urgent write up” »
I share the solution of the “an unusual sighting” challenge from Hack The Box. Connect to the host machine using netcat. Then it will ask us questions. All the answers can be found in the log files. IP Address and Port of the SSH Server: 100.107.36.130:2221. What time is the first successful Login: 2024-02-13 11:29:50. What … Read More “Hack the box – An unusual sighting” »
Enumeration: nmap. The Nmap result is as below. Check that the FTP and SSH ports are open. Also, FTP allows anonymous login. Therefore, log in as anonymous. Download all the files and enumerate the directories and files. We can see the users in passwd. netadmin. checked. In the config directory, we can find wireless information. There is the password! … Read More “Hack the box – Wifinetic – writeup” »
Enumeration: Start with an Nmap scan. The SSH port and web server are open. However, it failed to redirect to the domain address. Let’s add it to the file. Now, let’s visit the web page and see how it looks. It’s a file conversion web page. I did the Nmap scan again since we added the … Read More “Hack the box – Precious write-up” »