Posts for: #Hackthebox

Shocker - HackTheBox

Introduction In the last post, I struggled to complete Ransom - a Medium difficulty HackTheBox lab. While I made some good progress, I feel that it’s slightly above my current skill level. This time I’m trying a mid-difficulty lab within the Easy difficulty tier. Let’s see how it goes! Enumeration Let’s start with our boilerplate port scan, saved to a custom bash script called port_enum this time (nmap with the -sV and -sC flags set):
[Read more]

Ransom Part 2 - HackTheBox

Introduction Part 1 of ransom was HARD. With that being said, the only stage I had severe difficulty with was the poorly documented bkcrack tool. Hopefully, I can escalate privileges without peeking at the solutions… let’s do this! Logging in We are currently at the stage where we have an unzipped copy of a home directory, containing an ssh key. Inspecting the id_rsa.pub file, we find a username at the end of it:
[Read more]

Ransom Part 1 - HackTheBox

Introduction I have found writing up these HackTheBox labs immensely satisfying, especially through the medium of a pseudo-private blog in dwo.sh. One surprising benefit is that my aptitude has seemingly grown in a short space of time. I believe this is because I have a tendency to rush when completing offensive security exercises - writing my thoughts before I execute forces the analytical side of my brain to engage. With that being said, I am attempting my first ever Medium level lab.
[Read more]

Blocky - HackTheBox

Enumeration To begin the lab, I’m going to open my .bashrc file with vim and assign the target ip (10.129.72.248) to the IP variable, so I can reference it throughout the lab. With that being done, let’s run a standard nmap scan against the app. The guide references FTP, so I’ll pay particular attention to that: david@red:~$ nmap -v -sVC $IP Starting Nmap 7.94SVN ( https://nmap.org ) at 2026-01-14 11:39 GMT NSE: Loaded 156 scripts for scanning.
[Read more]

Broker - HackTheBox

Enumeration Let’s start with a simple port scan: nmap -sC -sV -v 10.129.230.87 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: | 256 3e:ea:45:4b:c5:d1:6d:6f:e2:d4:d1:3b:0a:3d:a9:4f (ECDSA) |_ 256 64:cc:75:de:4a:e6:a5:b4:73:eb:3f:1b:cf:b4:e3:94 (ED25519) 80/tcp open http nginx 1.18.0 (Ubuntu) | http-auth: | HTTP/1.1 401 Unauthorized\x0D |_ basic realm=ActiveMQRealm |_http-title: Error 401 Unauthorized |_http-server-header: nginx/1.18.0 (Ubuntu) Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel I am looking for an ActiveMQ service, which wasn’t revealed by this scan.
[Read more]