hackthebox bastard walkthrough

Starting with nmap. Scan all ports with masscan Doing another scan in open ports using default script. port 80 reveals Drupal website. Looking at CHANGELOG.txt we are using Drupal version 7.54. Simple Google searching, we found another exploit here. Oopss!! let me try that again. Sweet! I am iusr. what can I do?? Let’s grab […]

hackthebox arctic walkthrough

Starting with nmap Only three ports are open. On browsing http://10.10.10.11:8500 , we see two directories. These two folders represent ColdFusion. http://10.10.10.11:8500/CFIDE/administrator reveals following page: Coldfusion 6-10 is vulnerable to LFI attack. From the above screenshot, we know we have CF version is 8. We will use the following as suggested here. http://10.10.10.11/CFIDE/administrator/enter.cfm?locale=…………….\ColdFusion8\lib\password.properties%00e​n From above […]

hackthebox devel walkthrough

Start the hack with nmap Check if we have anonymous access or not. Nice, we have anonymous. Further, check if we can write there or not. I already have tested and it came positive. HTTP shows the server has IIS installed. We can upload the aspx webshell from FTP and try to access it from […]

Starting RDP service in windows server 2008 R2 remotely

windows server 2008 r2

What to do if RDP (Remote Desktop) services stops and you are logged out from server? Solution: download pstools. PsTools is a set of utilities to perform all sorts of administration tasks both locally, and on remote computers as well. In this case we are going to start RDP service in remote windows server. In […]