Below are my write-ups for various Hack The Box practice labs.

If you do not already know, Hack The Box is an online security platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field. 

I have completed 48 machines to date and am ranked Top 20 of Canadian players. 

https://www.hackthebox.eu/home/users/profile/44162

Synopsis

Lame is a beginner level machine, requiring only one exploit to obtain root access. It was the first machine published on Hack The Box and was often the first machine for new users prior to its retirement. 

Skills Required

  • Basic knowledge of Linux

  • Enumerating Ports and Services

Skills Learned

  • Identifying Vulnerable Services

  • Exploiting Samba

Synopsis

Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator access.

Skills Required

  • Basic knowledge of Windows

  • Enumerating Ports and Services

Skills Learned

  • Identifying Vulnerable Services

  • Exploiting SMB

Synopsis

Devel, while relatively simple, demonstrates the security risks associated with some default program configurations. It is a beginner-level machine which can be completed using publicly available exploits.

Skills Required

  • Basic knowledge of Windows

  • Enumerating Ports and Services

  • TCP file transfer Linux/Windows

Skills Learned

  • Identifying Vulnerable Services

  • Exploiting weak credentials

  • Basic Windows privilege escalation techniques

Synopsis

Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method. This machine can be overwhelming for some as there are many potential attack vectors. Luckily, there are several methods available for gaining access.

Skills Required

  • Basic knowledge of Windows

  • Enumerating Ports and Services

Skills Learned

  • Web-based fuzzing

  • Identifying known exploits

  • Exploiting local file inclusion vulnerabilities

Synopsis

Optimum is a beginner-level machine that mainly focuses on the enumeration of services with known exploits. We exploit user access manually and use a publicly available exploit for privilege escalation.

Skills Required

  • Basic knowledge of Windows

  • Enumerating Ports and Services

  • PowerShell

Skills Learned

  • Identifying vulnerable services

  • Identifying known exploits

  • Basic Windows privilege escalation techniques

Synopsis

Arctic is fairly straightforward; however, the load times on the web server pose a few challenges for exploitation. Basic troubleshooting is required to get the correct exploit functioning properly.

Skills Required

  • Basic knowledge of Windows

  • Enumerating Ports and Services

Skills Learned

  • Exploit modifications

  • Troubleshooting exploits 

  • Troubleshooting HTTP requests

Synopsis

Grandpa is one of the simpler machines on Hack The Box; however, it covers the widely exploited CVE-2017-7269. This vulnerability is trivial to exploit and granted immediate access to thousands of IIS servers around the globe when it became public knowledge.

Skills Learned

Skills Required

  • Basic knowledge of Windows

  • Enumerating Ports and Services
