Below are my write-ups for various Hack The Box practice labs.
If you do not already know, Hack The Box is an online security platform allowing you to test your penetration testing skills and exchange ideas and methodologies with thousands of people in the security field.
I have completed 48 machines to date and am ranked Top 20 of Canadian players.
Synopsis
Lame is a beginner-level machine, requiring only one exploit to obtain root access. It was the first machine published on Hack The Box and was often the first machine for new users prior to its retirement.
Skills Required
- Basic knowledge of Linux
- Enumerating Ports and Services
Skills Learned
- Identifying Vulnerable Services
- Exploiting Samba
Synopsis
Legacy is a fairly straightforward beginner-level machine which demonstrates the potential security risks of SMB on Windows. Only one publicly available exploit is required to obtain administrator access.
Skills Required
- Basic knowledge of Windows
- Enumerating Ports and Services
Skills Learned
- Identifying Vulnerable Services
- Exploiting SMB
Synopsis
Devel, while relatively simple, demonstrates the security risks associated with some default program configurations. It is a beginner-level machine which can be completed using publicly available exploits.
Skills Required
- Basic knowledge of Windows
- Enumerating Ports and Services
- TCP file transfer between Linux and Windows
Skills Learned
- Identifying Vulnerable Services
- Exploiting weak credentials
- Basic Windows privilege escalation techniques
Synopsis
Beep has a very large list of running services, which can make it a bit challenging to find the correct entry method. This machine can be overwhelming for some as there are many potential attack vectors. Luckily, there are several methods available for gaining access.
Skills Required
- Basic knowledge of Windows
- Enumerating Ports and Services
Skills Learned
- Web-based fuzzing
- Identifying known exploits
- Exploiting local file inclusion vulnerabilities
Synopsis
Optimum is a beginner-level machine that mainly focuses on the enumeration of services with known exploits. We gain user access through manual exploitation and use a publicly available exploit for privilege escalation.
Skills Required
- Basic knowledge of Windows
- Enumerating Ports and Services
- PowerShell
Skills Learned
- Identifying vulnerable services
- Identifying known exploits
- Basic Windows privilege escalation techniques
Synopsis
Arctic is fairly straightforward; however, the load times on the web server pose a few challenges for exploitation. Basic troubleshooting is required to get the correct exploit functioning properly.
Skills Required
- Basic knowledge of Windows
- Enumerating Ports and Services
Skills Learned
- Exploit modifications
- Troubleshooting exploits
- Troubleshooting HTTP requests
Skills Required
- Basic knowledge of Windows
- Enumerating Ports and Services