In this post I continue with the tier 0 boxes. These boxes get a user familiar with Redis, Remote Desktop Protocol, and enumerating HTTP directories. These examples show how easy an attacker can access a system if these applications are exposed to the open internet and have poor access control. Using admin, or any variation therein, as a username or password is a horrible idea! Redeemer Initial Recon Started with a nmap scan, but my default scan didn’t pick up anything. However, expanding the scan to include all ports did find something. There is a single port open – Redis…

Starting Point on Hack the Box (HTB) is broken down into tiers and there are three. The first get the user familiar with the HTB interface. It also gets the user familiar with terminology and the pen testing mindset. Below is a short writeup for the first three tier 0 boxes. Meow Initial Recon Ran a quick nmap scan against the box. Looking at the results shows a single port open – telnet on port 23. Initial Access Telnet What is telnet? It is an application protocol that allows remote access to a host. Similar to Secure Shell (SSH) that…

Continuing with the Tier 1 boxes on Starting Point. Moving forward there will be a slight adjustment on how posts will be made. Instead of compiling multiple writeups into a single post, each writeup will have its own post. Next up is Crocodile. Recon Started with the basic nmap scan. There are two ports open – 21 running FTP and 80 running a web server. FTP seems the most lucrative given what we see on the nmap scan. FTP Connected to the FTP server with an anonymous login. Downloaded both files since they have interesting filenames. The files contained usernames…