HackTheBox

Granny & Grandpa

Granny & Grandpa are a pair of identical easy rated boxes on Hack the Box. We’ll use metasploit to exploit a buffer overflow in IIS 6.0/WebDav for access and a kernel exploit for privesc

Optimum

‘Optimum’ is an easy rated box on Hack the Box. We’ll exploit a vulnerable version of HttpFileServer for access and use Windows Exploit Suggester to find a kernel exploit for privesc

Bashed

‘Bashed’ is an easy rated box on Hack the Box. We’ll use gobuster to uncover some hidden directories on a webserver, use a custom bash/php client to gain a shell and exploit a script being run as a cronjob for root

Nibbles

‘Nibbles’ is an easy rate box on Hack The Box. We’ll use gobuster to enumerate the ‘Nibbleblog’ platform, burpsuite’s intruder for bruteforcing a login and a public exploit for the initial shell.

Devel

‘Devel’ is an easy rated box on Hack the Box. To solve this box we’ll take advantage of anonymous FTP login, craft shellcode using msfvenom and use metasploit’s local exploit suggestor to find the path to privesc

Blue

‘Blue’ is an easy rated box on Hack the Box. We’ll be using Nmap’s scripting engine to detect a vulnerability and Metasploit to exploit it.

Legacy

‘Legacy’ is an easy rated box on Hack the Box. We’ll be using Nmap’s scripting engine to detect a vulnerability and Metasploit to exploit it.

Beep

‘Beep’ is an easy rated box on Hack the Box. We’ll be using public exploits from exploit DB to exploit both LFI and RCE on an old version of Elastix. Once we’re in the box we’ll abuse an outdated version of Nmap to escalate our privileges.

Remote

‘Remote’ is an Easy rated box on Hack The Box. We’ll be looking at Umbraco CMS, public mountable shares, shell crafting with msfvenom and using evil-winrm for login.