Jeeves is a challenging box that tests the user’s ability to enumerate web directories, upload reverse shell code, and escalate privileges with metasploit. The creator of this box also tries to trick the user by hiding the flag, but it is easily uncovered with a few additional commands. Step 1: Enumerate with NMAP We start our investigation by scanning the target with NMAP. ➜ jeeves nmap -vv -A 10.129.213.25 -p- -Pn Host discovery disabled (-Pn)....
Chatterbox is a rather challenging box that tests the user’s ability to enumerate with NMAP, exploit a target with Metasploit, and find reused plaintext credentials to compromise the target. Step 1: Enumerate with NMAP As usual, the first step in our investigation is to enumerate the target with NMAP. ➜ chatterbox nmap -vv -A 10.129.3.102 -Pn -p- Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....
Devel is a short and sweet box that tests the user’s ability to enumerate with NMAP and Metasploit.
Grandpa is a relatively straightforward box that tests the user’s ability to enumerate with NMAP and Metasploit. Although the initial compromise may differ from Granny, the privlege escalation process is identical. Step 1: Enumerate with NMAP As usual, our first step in the investigation is scanning the target with NMAP to check for any exposed ports and services. ➜ grandpa nmap -vv -A 10.129.93.230 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower....
Granny is a surpisingly challenging box if you don’t use metasploit for the initial compromise. This machine tests the user’s ability to enumerate web services, exploit WebDAV, and use metasploit to escalate privileges. Step 1: Enumerate with NMAP We start our investigation by enumerating with NMAP. ➜ granny nmap -v -A 10.129.95.234 -Pn Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times may be slower. Starting Nmap 7....
Legacy is another beginner friendly box that tasks the user with enumerating with NMAP and exploiting the target with metasploit.
Blue is a very simple beginner box that tasks the user with enumerating with NMAP and using public exploits to compromise the target.
Lame is a beginner friendly box that tests the user’s ability to enumerate with Metasploit. This machine is often the first challenge that new users will tackle on the Hack The Box platform, and this fact is reflected in the box’s difficulty. Step 1: Enumerate with NMAP We first run NMAP against the target to see what ports are open and which services are running. ➜ lame nmap -v -A 10....