Hack The Box: Ore Sherlock Walkthrough – Medium Difficulty
ThreatNinja
by darknite
6d ago
In this post, I would like to share some walkthroughs on the Sherlock Challenges such as Ore which can be considered a medium Difficulty Introduction of Ore Challenge In this challenge, You’ll grapple with an anomaly in Forela’s AWS infrastructure, managed by a technical partner. After deploying an EC2 instance to host the Grafana application, the CPU usage unexpectedly soared to a constant 98%+ due to a process named “xmrig”. This task calls on the you to probe into this anomalous behavior, leveraging your understanding of cloud infrastructure, EC2 instances, and system processes. Y ..read more
Visit website
Hack The Box: Visual Machine Walkthrough – Medium Difficulty
ThreatNinja
by darknite
1w ago
In this post, I would like to share a walkthrough of the Visual  Machine from Hack the Box This room will be considered a Medium machine on Hack the Box What will you gain from the Visual machine? For the user flag, you will need to abuse the platform where users can input a hosted Git URL, and the system will fetch a Visual Studio project from the URL and initiate the compilation process. I will deploy a Gitea server within a container and upload a project configured with a pre-build action designed to execute a command and access a shell. As for the root flag, you ne ..read more
Visit website
Hack The Box: Drive Machine Walkthrough – Hard Difficulty
ThreatNinja
by darknite
2w ago
In this post, I would like to share a walkthrough of the Drive Machine from Hack the Box This room will be considered a Hard machine on Hack the Box What will you gain from the Drive machine? For the user flag, you will need to exploit an IDOR vulnerability that allows me to gain unauthorized access to the administrator’s files and extract certain credentials, granting SSH access. Utilizing this access, I’ll infiltrate a Gitea instance and employ the extracted credentials to gain entry to a backup script and uncover passwords used for site backups. Within these backups ..read more
Visit website
HackTheBox: HyperFileTable Sherlock Walkthrough – Easy Difficulty
ThreatNinja
by darknite
2w ago
In this post, I would like to share some walkthroughs on the Sherlock Challenges such as HyperFiletable which can be considered an Easy difficulty Introduction of Hyperfiletable Challenge In this challenge, you will address the consequences of a sophisticated phishing attack directed at a recent recruit within Forela. Unbeknownst to the unsuspecting newcomer, the act of downloading their onboarding documentation has led to the inadvertent opening of a malicious attachment. This Sherlock challenge, designed at an introductory level of difficulty, requires participants to car ..read more
Visit website
Hack The Box: Builder Machine Walkthrough – Medium Difficulty
ThreatNinja
by darknite
2w ago
In this post, I would like to share a walkthrough of the Builder Machine from Hack the Box This room will be considered a medium machine on Hack the Box What will you gain from the Builder machine? For the user flag, you will need to exploit a recent Jenkins vulnerability, namely CVE-2024-23897, this exploration focuses on its capacity for partial file reading and the subsequent risk of remote code execution. The forthcoming demonstration will elucidate the exploitation of this vulnerability, delve into techniques to optimize file access, identify the password hash ass ..read more
Visit website
Hack The Box: Keeper Machine Walkthrough – Easy Difficulty
ThreatNinja
by darknite
3w ago
In this post, I would like to share a walkthrough of the Keeper Machine from Hack the Box This room will be considered an Easy machine on Hack the Box What will you gain from the Keeper machine? For the user flag, you will need to utilize default credentials to gain access to the RT instance, I aim to retrieve the credentials associated with a user’s profile. This user is currently addressing a KeePass problem using a memory dump. As for the root flag, you need to exploit CVE-2022-32784 to extract the master password from the dump, subsequently granting access to a root SSH key in Putty f ..read more
Visit website
Hack The Box: Safecracker Sherlock Challenge – Insane Difficulty
ThreatNinja
by darknite
3w ago
Case Scenario We recently hired some contractors to continue the development of our Backup services hosted on a Windows server. We have provided the contractors with accounts for our domain. When our system administrator recently logged on, we found some pretty critical files encrypted and a note left by the attackers. We suspect we have been ransomwared. We want to understand how this attack happened via a full in-depth analysis of any malicious files out of our standard triage. A word of warning, our tooling didn't pick up any of the actions carried out - this could be advanced. Firstly ..read more
Visit website
Hack The Box: Registrytwo machine Walkthrough – Insane Difficulty
ThreatNinja
by darknite
1M ago
In this post, I would like to share a walkthrough of the Registrytwo Machine from Hack the Box This room will be considered an Insane machine on Hack the Box What will you gain from the Registrytwo machine? For the user flag, you will need to utilize a Docker Registry and authentication server, I will access an image to uncover a Java War file responsible for running the webserver. Through meticulous enumeration and reverse engineering, I will identify various vulnerabilities, including issues with nginx/Tomcat, mass assignment vulnerabilities, and opportunities for se ..read more
Visit website
Hack The Box: Bookworm Machine Walkthrough – Insane Difficulty
ThreatNinja
by darknite
1M ago
In this post, I would like to share a walkthrough of the Bookworm Machine from Hack the Box. This room will be considered an Insane machine on Hack the Box What will you gain from the Bookworm machine? For the user flag, you will need a sophisticated exploit chain by leveraging cross-site scripting, insecure upload, and insecure direct object reference vulnerabilities. This orchestrated approach allows for the identification of an HTTP endpoint with file download capabilities. Within this endpoint, a directory traversal attack is exploited when multiple files are requested, enabling the r ..read more
Visit website
Hack The Box: Bumblebee Sherlock Challenge – Easy Difficulty
ThreatNinja
by darknite
1M ago
In this post, I would like to share some walkthroughs on the Sherlock Challenges such as Bumblebee which is considered an Easy difficulty Introduction of Bumblebee Challenge In this challenge, you will take on the role of a Digital Forensics and Incident Response (DFIR) specialist investigating a security breach involving an external contractor who accessed Forela’s internal forum. Analyzing forum logs and an SQLite3 database dump, your task is to uncover how the intruder exploited the Guest’s WiFi to obtain administrative credentials. This exercise assesses your skills in forensic data analys ..read more
Visit website

Follow ThreatNinja on FeedSpot

Continue with Google
Continue with Apple
OR