WHAT IS HACK THE BOX ?
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
Many people asked me about the methodology I use to root machines in Hack The Box, so today I will explain in detail how I play Hack The Box machine.
I create a separate dirctory for every single machine, so that I can save the files, tools and scripts I used in each box sepatately and note-down the important things like password, hash, custom scripts/payloads etc.
Now you can use IP or URL in the commands or scripts as per your need.
● NMAP :
● MASSCAN :
● AUTOMATE RECON / ENUM :
you can also use these script to automate the process of enumeration & recon.
AutoRecon : https://github.com/Tib3rius/AutoRecon
nmapAutomator : https://github.com/21y4d/nmapAutomator
WEB ENUMERATION / DIRECTORY AND FILES BRUTE-FORCING :
● NIKTO :
if Port 80 or 443 is Open, you can use Nikto to collect more information.
● GOBUSTER :
● FFUF :
● WFUZZ :
Use Seclists for More Wordlists : https://github.com/danielmiessler/SecLists
● EXPLOIT DB / SEARCHEXPLOIT :
● SMB ENUMERATION :
If you’re on a windows box and port 139 or 445 is open, Enumerate SMB.
● ENUM4LINUX :
Enumerate information from Windows and Samba systems : https://kali.org/tools/enum4linux/
FILE TRANSFER IN LINUX
● PYTHON HTTP SERVER :
● NETCAT :
● BASE64 :
● SCP :
Transfer the file test.file to the other server use the following command :
FILE TRANSFER IN WINDOWS
● HTTP SERVER :
Local System :
Target System :
● PSCP :
● INSTALLATION :
● LISTEN PORT :
● CHAT SERVER :
Now, type anything and it will show on the listener's shell.
● FILE TRANSFER :
● REVERSE SHELL :
Netcat is rarely present on production systems and even if it is there are several version of netcat, some of which don’t support the -e option.
If you have the wrong version of netcat installed, Jeff Price points out here that you might still be able to get your reverse shell back like this :
● INSTALLATION :
● CONNECTION :
● CREATE SSH KEYS :
● PERMISSION :
● SSH PASSWORD CRAKING USING KEY :
● CRACK SSH PASSWORD USING HYDRA :
Impacket is a collection of Python classes for working with network protocols.
Pentestmonkey : http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Reverse Shell Cheatsheet.md : https://github.com/swisskyrepo/PayloadsAllTheThings/
Reverse Shell Cheat Sheet : https://oscp.infosecsanyam.in/shells/reverse-shell-cheat-sheet
Interactive tty-shell : https://github.com/cornerpirate/socat-shell
PayloadsAllTheThings : https://github.com/swisskyrepo/PayloadsAllTheThings
Evil-WinRM : https://github.com/Hackplayers/evil-winrm
● LINUX :
- Basic Linux Privilege Escalation
- Linux elevation of privileges ToC
- Linux Smart Enumeration
- Linux - Privilege Escalation.md
- Linux Exploit Suggester
● WINDOWS :
- Windows elevation of privileges ToC
- Windows Kernel Exploits
- Windows Privilege Escalation Fundamentals
- Just Another Windows (Enum) Script
- Windows PrivEsc Methods for Pentesters
- Windows Privilege Escalation
- Windows Privilege Escalation Guide
- Windows OS Enumurations
- Windows Privilege Escalation Techniques and Scripts