Editor is an easy Linux machine running a vulnerable version of XWiki that allows unauthenticated remote code execution, providing an initial foothold. Enumeration of the system reveals a misconfigured SUID binary, which can be exploited to escalate privileges and gain root access.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
We begin by running an initial nmap scan with the following command:
Cap is an easy difficulty Linux machine running an HTTP server that performs administrative functions including performing network captures. Improper controls result in Insecure Direct Object Reference (IDOR) giving access to another user’s capture. The capture contains plaintext credentials and can be used to gain foothold. A Linux capability is then leveraged to escalate to root.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
Optimum is a beginner-level machine which mainly focuses on enumeration of services with known exploits. Both exploits are easy to obtain and have associated Metasploit modules, making this machine fairly simple to complete.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
We begin by running an initial nmap scan with the following command:
nmap -sC -sV -vv -oA nmap/initial_scan <Target-IP>
-sC Default script scan-sV Service version detection-vv Verbose output-oA Output all formatsNmap reports only Port 80 open:
Getting Started is not really a box on HTB Labs, it is just a knowledge check in the Getting Started module of the Penetration Tester Job Role Path, but I am writing a Writeup about it anyway.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
We begin by running an initial nmap scan with the following command:
nibbles is a fairly simple machine, however with the inclusion of a login blacklist, it is a fair bit more challenging to find valid credentials. luckily, a username can be enumerated and guessing the correct password does not take long for most.
After spawning the machine and connecting to the VPN, we start with the initial enumeration.
We begin by running an initial nmap scan with the following command: