Download and unzip the attached file. The pcap file will be extracted from the zip file. Open Wireshark and go through the packets. I filtered packets with the HTTP protocol. Then I found suspicious command injections. It seems it’s executing a bash shell on 192.168.1.180. So, I filtered packets with the IP address 192.168.1.180. Then I checked … Read More “Hack the box: Wrong Spooky Season write up” »
Tag: htb
Download the zip file and unzip it. You will get the email with encoded contents. The first encoded block is like below. It says it is base64 encoded. Let’s decode it with CyberChef. Then you will get the message from the leader of the resistance. Now let’s check the second encoded block. When you decode it, the … Read More “Hack the box – Urgent write up” »
I share the solution to the “An Unusual Sighting” challenge from Hack The Box. Connect to the host machine using netcat. Then it will ask us questions. All the answers can be found in the log files. IP Address and Port of the SSH Server: 100.107.36.130:2221 What time is the first successful Login? 2024-02-13 11:29:50 What … Read More “Hack the box – An unusual sighting” »
Enumeration nmap The Nmap result is as below. Check that the FTP and SSH ports are open. Also, FTP allows anonymous login. Therefore, log in as anonymous. Download all the files and enumerate the directories and files. We can see the users in passwd. netadmin. checked. In the config directory, we can find wireless information. There is the password! … Read More “Hack the box – Wifinetic – writeup” »
I will walk through Jingle Bell Sherlock. We have a database file. So let’s open it with SQLite3. sqlite3 wpndatabase.db And let’s see the contents of the database. OK, I see there is a column called Payload. Which software/application did Torrin use to leak Forela’s secrets? Then you can see Slack is used for communication. … Read More “Hack The Box – Sherlock – Jingle Bell” »
Enumeration The nmap result tells us the FTP server and web server are open. The version of the web server is IIS 7.5. For the FTP server, it allows anonymous login. Also, we know that there are iisstart.htm and welcome.png files. If we visit the website, we can check these two files. Using the FTP … Read More “Hack the box – Devel writeup” »