<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hackthebox on Bagaz!</title><link>http://blog.bgz.app/tags/hackthebox/</link><description>Recent content in Hackthebox on Bagaz!</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 13 Aug 2023 14:14:26 +0700</lastBuildDate><atom:link href="http://blog.bgz.app/tags/hackthebox/index.xml" rel="self" type="application/rss+xml"/><item><title>Hackthebox Busqueda</title><link>http://blog.bgz.app/posts/hackthebox-busqueda/</link><pubDate>Sun, 13 Aug 2023 14:14:26 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-busqueda/</guid><description>Busqueda is a machine running Linux with an easy difficulty level. I will write this walkthrough briefly as I find the machine not very interesting.
Foothold First, perform a port enumeration using nmap. The scan reveals a domain on port 80.
$ nmap -sV -sC -oN busqueda.nmap 10.10.11.208 Nmap scan results for 10.10.11.208:
Host is up (0.074s latency). Not shown: 998 closed tcp ports (conn-refused) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.</description></item><item><title>Hackthebox Agile</title><link>http://blog.bgz.app/posts/hackthebox-agile/</link><pubDate>Sun, 06 Aug 2023 14:04:19 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-agile/</guid><description>Agile is a machine running on a Linux OS with a medium difficulty level. There was an unintended way to solve this machine, but it has since been patched, so we will cover the intended steps.
Foothold The first step in a pentest is usually scanning the machine. Here, I used nmap for port scanning.
$ nmap -sV -sC -oN agile.nmap 10.10.11.203 Nmap scan report for 10.10.11.203 Host is up (0.</description></item><item><title>Hackthebox Routerspace</title><link>http://blog.bgz.app/posts/hackthebox-routerspace/</link><pubDate>Sun, 10 Jul 2022 22:18:17 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-routerspace/</guid><description>RouterSpace is a Linux machine classified as easy difficulty. This machine has retired and been replaced by RedPanda.
Machine IP: 10.10.11.148
As always, I started by scanning the services and ports using Nmap.
Nmap scan report for 10.10.11.148 Host is up (0.15s latency). Not shown: 998 filtered ports PORT STATE SERVICE VERSION 22/tcp open ssh (protocol 2.0) | fingerprint-strings: | NULL: |_ SSH-2.0-RouterSpace Packet Filtering V1 80/tcp open http | fingerprint-strings: | FourOhFourRequest: | HTTP/1.</description></item><item><title>Hackthebox Undetected</title><link>http://blog.bgz.app/posts/hackthebox-undetected/</link><pubDate>Mon, 04 Jul 2022 21:54:21 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-undetected/</guid><description>Undetected is a medium-difficulty Linux machine. However, it was quite challenging in terms of privilege escalation due to the need to analyze a binary.
Machine IP: 10.10.11.146
First, perform a service scan using Nmap, which reveals two open services: SSH and HTTP.
Nmap scan report for 10.10.11.146 Host is up (0.20s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.2 (protocol 2.0) 80/tcp open http Apache httpd 2.</description></item><item><title>Hackthebox Phoenix</title><link>http://blog.bgz.app/posts/hackthebox-phoenix/</link><pubDate>Mon, 27 Jun 2022 21:30:05 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-phoenix/</guid><description>Phoenix is a machine with the Linux OS and a difficulty level classified as hard. This machine was retired a few days ago. However, due to being busy with end-of-semester assignments and upcoming exams, I only recently managed to write about it.
Machine IP: 10.10.11.149
As always, I performed a port scan to identify the services running on the machine using Nmap.
Nmap scan report for 10.10.11.149 Host is up (0.</description></item><item><title>Hackthebox Paper</title><link>http://blog.bgz.app/posts/hackthebox-paper/</link><pubDate>Mon, 20 Jun 2022 21:10:32 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-paper/</guid><description>Paper is a machine with the Linux OS and is classified as easy. This machine has been retired and replaced by a new machine called Trick.
Machine IP: 10.10.11.143
As usual, I performed a service and port scan using Nmap and got the following result:
Nmap scan report for paper.htb (10.10.11.143) Host is up (0.11s latency). Not shown: 997 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 8.0 (protocol 2.</description></item><item><title>Hackthebox Meta</title><link>http://blog.bgz.app/posts/hackthebox-meta/</link><pubDate>Mon, 13 Jun 2022 19:56:30 +0700</pubDate><guid>http://blog.bgz.app/posts/hackthebox-meta/</guid><description>Meta is a machine running Linux with a medium difficulty level. Since this machine has been retired, I have created a writeup for it.
Machine IP: 10.10.11.140
The first thing I did was scan the machine using nmap to discover open ports and services.
Nmap scan report for 10.10.11.140 Host is up (0.11s latency). Not shown: 998 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.</description></item></channel></rss>