28Feb 2022 by admin

TryHackMe – ColddBox

Hacking, privilege escalation, shell, TryHackMe
Greetings everyone! We're back with another box; this one is called ColddBox that is on the TryHackMe platform! So let's jump right into it! We'll start off with an Nmap scan to see what ports we have open and what services are running on them. To do this, we'll use this command: nmap -A -p- -T4 10.10.150.55 Port 80 is open so let's begin by browsing to the website: We know from the data returned in our nmap scan that this is a WordPress site. Let's do some directory busting using a tool called gobuster: Hmm looks like there is a rather interesting directory called "hidden". Let's check it out! We are greeted with a message! Apparently someone named C0ldd is being asked to send Hugo his new password. Looking…
Read More
30Mar 2020 by admin

Hack The Box – Jerry

apache, hackthebox, msfvenom, shell
Greetings, everyone! After a long, long break, I've decided to return to the wonderful world of blogging my experiences on Hack the Box! I'm currently knees deep in course material for Offensive Security's OSCP certification, so I figured this would be a nice break from it! So without further ado, let's get into it! The box I've decided to attack for this post is called Jerry, and has the IP of 10.10.10.95. Let's start off with an Nmap scan: Only one port open: 8080. Well let's check it out to see what we can find! We're brought to an Apache Tomcat configuration page! After poking around for a bit on the landing page, the tab "Manager App" looks the most promising. Let's click on that tab and see what happens:…
Read More