Enumeration Start with an Nmap scan. SSH port and web server are open. However, It failed to redirect to the domain address. Let’s add it to the file. Now, let’s visit the web page and see how it looks. It’s a file conversion web page. I did the Nmap scan again since we added the … Read More “Hack the box – Precious write-up” »
Tag: writeup
Description Reception of Special has been cool to say the least. That’s why we made an exclusive version of Special, called Secure Comprehensive Interface for Affecting Linux Empirically Rad, or just ‘Specialer’. With Specialer, we really tried to remove the distractions from using a shell. Yes, we took out spell checker because of everybody’s complaining. … Read More “Pico CTF 2023 – Specialer writeup” »
Enumeration The nmap result tells us the FTP server and web server are open. The version of the web server is IIS 7.5. For the FTP server, it allows anonymous login. Also, we know that there are iisstart.htm and welcome.png files. If we visit the website, we can check these two files. Using the FTP … Read More “Hack the box – Devel writeup” »
Enumeration Scan the target machine with nmap. The web server and ssh are open. Let’s check the web server first. If we go to the page, we see the image file saying Don’t Bug me! I couldn’t find any useful information on the web page and the source code. There must be something we can … Read More “Hack the box – Shocker (CVE-2014-6271)” »
Enumeration Got the following result from the Nmap scan. I can see web servers are open and the nmap script’s saying changelog.txt is interesting. If we visit the web page, we can see the login page. I tried logging in with the default credentials for pfsense. admin:pfsense However, I failed. Let’s check the changelog.txt file … Read More “Hack the box – machine – Sense” »
Enumeration Nmap the target machine Check that ports 139 and 445 are open. So we can target the smb service. I tried to enumerate smb users or shares using several tools such as smbclinet, smbmap, and rpcclient. But I couldn’t get any useful information. I managed to anonymously login to the service but due to … Read More “Hack the box – Legacy – CVE-2008-4250” »